ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-11-04 01:15:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: ThatGuyJack:lang-persian
Branches Tags
ThatGuyJack:develop ThatGuyJack:lang-persian ThatGuyJack:dependabot/npm_and_yarn/test/form-data-4.0.4 ThatGuyJack:master ThatGuyJack:v3 ThatGuyJack:bump-freedns ThatGuyJack:openidc ThatGuyJack:ssl-passthrough-hosts ThatGuyJack:static-content
ThatGuyJack:v2.12.6 ThatGuyJack:v2.12.5 ThatGuyJack:v2.12.4 ThatGuyJack:v2.12.3 ThatGuyJack:v2.12.2 ThatGuyJack:v2.12.1 ThatGuyJack:v2.12.0 ThatGuyJack:v2.11.3 ThatGuyJack:v2.11.2 ThatGuyJack:v2.11.1 ThatGuyJack:v2.11.0 ThatGuyJack:v2.10.4 ThatGuyJack:v2.10.3 ThatGuyJack:v2.10.2 ThatGuyJack:v2.10.1 ThatGuyJack:v2.10.0 ThatGuyJack:v2.9.22 ThatGuyJack:v2.9.21 ThatGuyJack:v2.9.20 ThatGuyJack:v2.9.19 ThatGuyJack:v2.9.18 ThatGuyJack:v2.9.17 ThatGuyJack:v2.9.16 ThatGuyJack:v2.9.15 ThatGuyJack:v2.9.14 ThatGuyJack:v2.9.13 ThatGuyJack:v2.9.12 ThatGuyJack:v2.9.11 ThatGuyJack:v2.9.10 ThatGuyJack:v2.9.9 ThatGuyJack:v2.9.8 ThatGuyJack:v2.9.7 ThatGuyJack:v2.9.6 ThatGuyJack:v2.9.5 ThatGuyJack:v2.9.4 ThatGuyJack:v2.9.3 ThatGuyJack:v2.9.2 ThatGuyJack:v2.9.1 ThatGuyJack:v2.9.0 ThatGuyJack:v2.8.1 ThatGuyJack:v2.8.0 ThatGuyJack:v2.7.3 ThatGuyJack:v2.7.2 ThatGuyJack:v2.7.1 ThatGuyJack:v2.7.0 ThatGuyJack:v2.6.2 ThatGuyJack:v2.6.1 ThatGuyJack:v2.6.0 ThatGuyJack:v2.5.0 ThatGuyJack:v2.4.0 ThatGuyJack:v2.3.1 ThatGuyJack:v2.3.0 ThatGuyJack:v2.2.4 ThatGuyJack:v2.2.3 ThatGuyJack:v2.2.2 ThatGuyJack:v2.2.1 ThatGuyJack:v2.2.0 ThatGuyJack:v2.1.2 ThatGuyJack:v2.1.1 ThatGuyJack:v2.1.0 ThatGuyJack:2.0.14 ThatGuyJack:2.0.13 ThatGuyJack:2.0.12 ThatGuyJack:2.0.11 ThatGuyJack:2.0.10 ThatGuyJack:2.0.9 ThatGuyJack:2.0.8 ThatGuyJack:2.0.7 ThatGuyJack:2.0.6 ThatGuyJack:2.0.5 ThatGuyJack:2.0.4 ThatGuyJack:2.0.3 ThatGuyJack:2.0.2 ThatGuyJack:2.0.0 ThatGuyJack:v2.0.0 ThatGuyJack:1.1.2 ThatGuyJack:1.1.1 ThatGuyJack:1.0.1
..
compare: ThatGuyJack:75dbbebf8de0c7d9f87ecda1889faeff74df5b3c
Branches Tags
ThatGuyJack:develop ThatGuyJack:lang-persian ThatGuyJack:dependabot/npm_and_yarn/test/form-data-4.0.4 ThatGuyJack:master ThatGuyJack:v3 ThatGuyJack:bump-freedns ThatGuyJack:openidc ThatGuyJack:ssl-passthrough-hosts ThatGuyJack:static-content
ThatGuyJack:v2.12.6 ThatGuyJack:v2.12.5 ThatGuyJack:v2.12.4 ThatGuyJack:v2.12.3 ThatGuyJack:v2.12.2 ThatGuyJack:v2.12.1 ThatGuyJack:v2.12.0 ThatGuyJack:v2.11.3 ThatGuyJack:v2.11.2 ThatGuyJack:v2.11.1 ThatGuyJack:v2.11.0 ThatGuyJack:v2.10.4 ThatGuyJack:v2.10.3 ThatGuyJack:v2.10.2 ThatGuyJack:v2.10.1 ThatGuyJack:v2.10.0 ThatGuyJack:v2.9.22 ThatGuyJack:v2.9.21 ThatGuyJack:v2.9.20 ThatGuyJack:v2.9.19 ThatGuyJack:v2.9.18 ThatGuyJack:v2.9.17 ThatGuyJack:v2.9.16 ThatGuyJack:v2.9.15 ThatGuyJack:v2.9.14 ThatGuyJack:v2.9.13 ThatGuyJack:v2.9.12 ThatGuyJack:v2.9.11 ThatGuyJack:v2.9.10 ThatGuyJack:v2.9.9 ThatGuyJack:v2.9.8 ThatGuyJack:v2.9.7 ThatGuyJack:v2.9.6 ThatGuyJack:v2.9.5 ThatGuyJack:v2.9.4 ThatGuyJack:v2.9.3 ThatGuyJack:v2.9.2 ThatGuyJack:v2.9.1 ThatGuyJack:v2.9.0 ThatGuyJack:v2.8.1 ThatGuyJack:v2.8.0 ThatGuyJack:v2.7.3 ThatGuyJack:v2.7.2 ThatGuyJack:v2.7.1 ThatGuyJack:v2.7.0 ThatGuyJack:v2.6.2 ThatGuyJack:v2.6.1 ThatGuyJack:v2.6.0 ThatGuyJack:v2.5.0 ThatGuyJack:v2.4.0 ThatGuyJack:v2.3.1 ThatGuyJack:v2.3.0 ThatGuyJack:v2.2.4 ThatGuyJack:v2.2.3 ThatGuyJack:v2.2.2 ThatGuyJack:v2.2.1 ThatGuyJack:v2.2.0 ThatGuyJack:v2.1.2 ThatGuyJack:v2.1.1 ThatGuyJack:v2.1.0 ThatGuyJack:2.0.14 ThatGuyJack:2.0.13 ThatGuyJack:2.0.12 ThatGuyJack:2.0.11 ThatGuyJack:2.0.10 ThatGuyJack:2.0.9 ThatGuyJack:2.0.8 ThatGuyJack:2.0.7 ThatGuyJack:2.0.6 ThatGuyJack:2.0.5 ThatGuyJack:2.0.4 ThatGuyJack:2.0.3 ThatGuyJack:2.0.2 ThatGuyJack:2.0.0 ThatGuyJack:v2.0.0 ThatGuyJack:1.1.2 ThatGuyJack:1.1.1 ThatGuyJack:1.0.1

3 Commits
lang-persi ... 75dbbebf8d

Author SHA1 Message Date
Sergey Kolesnik
75dbbebf8d Merge branch 'NginxProxyManager:develop' into develop 2024-12-23 19:18:09 -05:00
Sergey 'dreik' Kolesnik
f6abe27a8a eslint 2024-12-09 03:49:03 +03:00
Sergey 'dreik' Kolesnik
d8ca38cb26 client_max_body_size setting 2024-12-09 03:17:48 +03:00
650 changed files with 25837 additions and 27886 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,6 +1,5 @@
.DS_Store .DS_Store
.idea .idea
.qodo
._* ._*
.vscode .vscode
certbot-help.txt certbot-help.txt

2
.version
View File

@@ -1 +1 @@
2.13.0 2.12.1

81
Jenkinsfile vendored
View File

@@ -119,16 +119,16 @@ pipeline {
always { always {
// Dumps to analyze later // Dumps to analyze later
sh 'mkdir -p debug/sqlite' sh 'mkdir -p debug/sqlite'
sh 'docker logs $(docker compose ps --all -q fullstack) > debug/sqlite/docker_fullstack.log 2>&1' sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/sqlite/docker_fullstack.log 2>&1'
sh 'docker logs $(docker compose ps --all -q stepca) > debug/sqlite/docker_stepca.log 2>&1' sh 'docker logs $(docker-compose ps --all -q stepca) > debug/sqlite/docker_stepca.log 2>&1'
sh 'docker logs $(docker compose ps --all -q pdns) > debug/sqlite/docker_pdns.log 2>&1' sh 'docker logs $(docker-compose ps --all -q pdns) > debug/sqlite/docker_pdns.log 2>&1'
sh 'docker logs $(docker compose ps --all -q pdns-db) > debug/sqlite/docker_pdns-db.log 2>&1' sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/sqlite/docker_pdns-db.log 2>&1'
sh 'docker logs $(docker compose ps --all -q dnsrouter) > debug/sqlite/docker_dnsrouter.log 2>&1' sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/sqlite/docker_dnsrouter.log 2>&1'
junit 'test/results/junit/*' junit 'test/results/junit/*'
sh 'docker compose down --remove-orphans --volumes -t 30 || true' sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
} }
unstable { unstable {
dir(path: 'test/results') { dir(path: 'testing/results') {
archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml') archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
} }
} }
@@ -152,54 +152,16 @@ pipeline {
always { always {
// Dumps to analyze later // Dumps to analyze later
sh 'mkdir -p debug/mysql' sh 'mkdir -p debug/mysql'
sh 'docker logs $(docker compose ps --all -q fullstack) > debug/mysql/docker_fullstack.log 2>&1' sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/mysql/docker_fullstack.log 2>&1'
sh 'docker logs $(docker compose ps --all -q stepca) > debug/mysql/docker_stepca.log 2>&1' sh 'docker logs $(docker-compose ps --all -q stepca) > debug/mysql/docker_stepca.log 2>&1'
sh 'docker logs $(docker compose ps --all -q pdns) > debug/mysql/docker_pdns.log 2>&1' sh 'docker logs $(docker-compose ps --all -q pdns) > debug/mysql/docker_pdns.log 2>&1'
sh 'docker logs $(docker compose ps --all -q pdns-db) > debug/mysql/docker_pdns-db.log 2>&1' sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/mysql/docker_pdns-db.log 2>&1'
sh 'docker logs $(docker compose ps --all -q dnsrouter) > debug/mysql/docker_dnsrouter.log 2>&1' sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/mysql/docker_dnsrouter.log 2>&1'
junit 'test/results/junit/*' junit 'test/results/junit/*'
sh 'docker compose down --remove-orphans --volumes -t 30 || true' sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
} }
unstable { unstable {
dir(path: 'test/results') { dir(path: 'testing/results') {
archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
}
}
}
}
stage('Test Postgres') {
environment {
COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_postgres"
COMPOSE_FILE = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.postgres.yml'
}
when {
not {
equals expected: 'UNSTABLE', actual: currentBuild.result
}
}
steps {
sh 'rm -rf ./test/results/junit/*'
sh './scripts/ci/fulltest-cypress'
}
post {
always {
// Dumps to analyze later
sh 'mkdir -p debug/postgres'
sh 'docker logs $(docker compose ps --all -q fullstack) > debug/postgres/docker_fullstack.log 2>&1'
sh 'docker logs $(docker compose ps --all -q stepca) > debug/postgres/docker_stepca.log 2>&1'
sh 'docker logs $(docker compose ps --all -q pdns) > debug/postgres/docker_pdns.log 2>&1'
sh 'docker logs $(docker compose ps --all -q pdns-db) > debug/postgres/docker_pdns-db.log 2>&1'
sh 'docker logs $(docker compose ps --all -q dnsrouter) > debug/postgres/docker_dnsrouter.log 2>&1'
sh 'docker logs $(docker compose ps --all -q db-postgres) > debug/postgres/docker_db-postgres.log 2>&1'
sh 'docker logs $(docker compose ps --all -q authentik) > debug/postgres/docker_authentik.log 2>&1'
sh 'docker logs $(docker compose ps --all -q authentik-redis) > debug/postgres/docker_authentik-redis.log 2>&1'
sh 'docker logs $(docke rcompose ps --all -q authentik-ldap) > debug/postgres/docker_authentik-ldap.log 2>&1'
junit 'test/results/junit/*'
sh 'docker compose down --remove-orphans --volumes -t 30 || true'
}
unstable {
dir(path: 'test/results') {
archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml') archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
} }
} }
@@ -241,17 +203,12 @@ pipeline {
} }
steps { steps {
script { script {
npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev): npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on
``` [DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev)
nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER} as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
```
> [!NOTE] **Note:** ensure you backup your NPM instance before testing this image! Especially if there are database changes
> Ensure you backup your NPM instance before testing this image! Especially if there are database changes. **Note:** this is a different docker image namespace than the official image
> This is a different docker image namespace than the official image.
> [!WARNING]
> Changes and additions to DNS Providers require verification by at least 2 members of the community!
""", true) """, true)
} }
} }

14
README.md
View File

@@ -1,7 +1,7 @@
<p align="center"> <p align="center">
<img src="https://nginxproxymanager.com/github.png"> <img src="https://nginxproxymanager.com/github.png">
<br><br> <br><br>
<img src="https://img.shields.io/badge/version-2.13.0-green.svg?style=for-the-badge"> <img src="https://img.shields.io/badge/version-2.12.1-green.svg?style=for-the-badge">
<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager"> <a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge"> <img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
</a> </a>
@@ -74,7 +74,11 @@ This is the bare minimum configuration required. See the [documentation](https:/
3. Bring up your stack by running 3. Bring up your stack by running
```bash ```bash
docker-compose up -d
# If using docker-compose-plugin
docker compose up -d docker compose up -d
``` ```
4. Log in to the Admin UI 4. Log in to the Admin UI
@@ -84,6 +88,14 @@ Sometimes this can take a little bit because of the entropy of keys.
[http://127.0.0.1:81](http://127.0.0.1:81) [http://127.0.0.1:81](http://127.0.0.1:81)
Default Admin User:
```
Email: admin@example.com
Password: changeme
```
Immediately after logging in with this default user you will be asked to modify your details and change your password.
## Contributing ## Contributing

73
backend/.eslintrc.json Normal file
View File

@@ -0,0 +1,73 @@
{
"env": {
"node": true,
"es6": true
},
"extends": [
"eslint:recommended"
],
"globals": {
"Atomics": "readonly",
"SharedArrayBuffer": "readonly"
},
"parserOptions": {
"ecmaVersion": 2018,
"sourceType": "module"
},
"plugins": [
"align-assignments"
],
"rules": {
"arrow-parens": [
"error",
"always"
],
"indent": [
"error",
"tab"
],
"linebreak-style": [
"error",
"unix"
],
"quotes": [
"error",
"single"
],
"semi": [
"error",
"always"
],
"key-spacing": [
"error",
{
"align": "value"
}
],
"comma-spacing": [
"error",
{
"before": false,
"after": true
}
],
"func-call-spacing": [
"error",
"never"
],
"keyword-spacing": [
"error",
{
"before": true
}
],
"no-irregular-whitespace": "error",
"no-unused-expressions": 0,
"align-assignments/align-assignments": [
2,
{
"requiresOnly": false
}
]
}
}

11
backend/.prettierrc Normal file
View File

@@ -0,0 +1,11 @@
{
"printWidth": 320,
"tabWidth": 4,
"useTabs": true,
"semi": true,
"singleQuote": true,
"bracketSpacing": true,
"jsxBracketSameLine": true,
"trailingComma": "all",
"proseWrap": "always"
}

86
backend/app.js
View File

@@ -1,12 +1,9 @@
import bodyParser from "body-parser"; const express = require('express');
import compression from "compression"; const bodyParser = require('body-parser');
import express from "express"; const fileUpload = require('express-fileupload');
import fileUpload from "express-fileupload"; const compression = require('compression');
import { isDebugMode } from "./lib/config.js"; const config = require('./lib/config');
import cors from "./lib/express/cors.js"; const log = require('./logger').express;
import jwt from "./lib/express/jwt.js";
import { express as logger } from "./logger.js";
import mainRoutes from "./routes/main.js";
/** /**
* App * App
@@ -14,7 +11,7 @@ import mainRoutes from "./routes/main.js";
const app = express(); const app = express();
app.use(fileUpload()); app.use(fileUpload());
app.use(bodyParser.json()); app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.urlencoded({extended: true}));
// Gzip // Gzip
app.use(compression()); app.use(compression());
@@ -23,70 +20,71 @@ app.use(compression());
* General Logging, BEFORE routes * General Logging, BEFORE routes
*/ */
app.disable("x-powered-by"); app.disable('x-powered-by');
app.enable("trust proxy", ["loopback", "linklocal", "uniquelocal"]); app.enable('trust proxy', ['loopback', 'linklocal', 'uniquelocal']);
app.enable("strict routing"); app.enable('strict routing');
// pretty print JSON when not live // pretty print JSON when not live
if (isDebugMode()) { if (config.debug()) {
app.set("json spaces", 2); app.set('json spaces', 2);
} }
// CORS for everything // CORS for everything
app.use(cors); app.use(require('./lib/express/cors'));
// General security/cache related headers + server header // General security/cache related headers + server header
app.use((_, res, next) => { app.use(function (req, res, next) {
let x_frame_options = "DENY"; let x_frame_options = 'DENY';
if (typeof process.env.X_FRAME_OPTIONS !== "undefined" && process.env.X_FRAME_OPTIONS) { if (typeof process.env.X_FRAME_OPTIONS !== 'undefined' && process.env.X_FRAME_OPTIONS) {
x_frame_options = process.env.X_FRAME_OPTIONS; x_frame_options = process.env.X_FRAME_OPTIONS;
} }
res.set({ res.set({
"X-XSS-Protection": "1; mode=block", 'X-XSS-Protection': '1; mode=block',
"X-Content-Type-Options": "nosniff", 'X-Content-Type-Options': 'nosniff',
"X-Frame-Options": x_frame_options, 'X-Frame-Options': x_frame_options,
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate", 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
Pragma: "no-cache", Pragma: 'no-cache',
Expires: 0, Expires: 0
}); });
next(); next();
}); });
app.use(jwt()); app.use(require('./lib/express/jwt')());
app.use("/", mainRoutes); app.use('/', require('./routes/main'));
// production error handler // production error handler
// no stacktraces leaked to user // no stacktraces leaked to user
app.use((err, req, res, _) => { // eslint-disable-next-line
const payload = { app.use(function (err, req, res, next) {
let payload = {
error: { error: {
code: err.status, code: err.status,
message: err.public ? err.message : "Internal Error", message: err.public ? err.message : 'Internal Error'
}, }
}; };
if (typeof err.message_i18n !== "undefined") { if (config.debug() || (req.baseUrl + req.path).includes('nginx/certificates')) {
payload.error.message_i18n = err.message_i18n;
}
if (isDebugMode() || (req.baseUrl + req.path).includes("nginx/certificates")) {
payload.debug = { payload.debug = {
stack: typeof err.stack !== "undefined" && err.stack ? err.stack.split("\n") : null, stack: typeof err.stack !== 'undefined' && err.stack ? err.stack.split('\n') : null,
previous: err.previous, previous: err.previous
}; };
} }
// Not every error is worth logging - but this is good for now until it gets annoying. // Not every error is worth logging - but this is good for now until it gets annoying.
if (typeof err.stack !== "undefined" && err.stack) { if (typeof err.stack !== 'undefined' && err.stack) {
logger.debug(err.stack); if (config.debug()) {
if (typeof err.public === "undefined" || !err.public) { log.debug(err.stack);
logger.warn(err.message); } else if (typeof err.public == 'undefined' || !err.public) {
log.warn(err.message);
} }
} }
res.status(err.status || 500).send(payload); res
.status(err.status || 500)
.send(payload);
}); });
export default app; module.exports = app;

91
backend/biome.json
View File

@@ -1,91 +0,0 @@
{
"$schema": "https://biomejs.dev/schemas/2.3.1/schema.json",
"vcs": {
"enabled": true,
"clientKind": "git",
"useIgnoreFile": true
},
"files": {
"ignoreUnknown": false,
"includes": [
"**/*.ts",
"**/*.tsx",
"**/*.js",
"**/*.jsx",
"!**/dist/**/*"
]
},
"formatter": {
"enabled": true,
"indentStyle": "tab",
"indentWidth": 4,
"lineWidth": 120,
"formatWithErrors": true
},
"assist": {
"actions": {
"source": {
"organizeImports": {
"level": "on",
"options": {
"groups": [
":BUN:",
":NODE:",
[
"npm:*",
"npm:*/**"
],
":PACKAGE_WITH_PROTOCOL:",
":URL:",
":PACKAGE:",
[
"/src/*",
"/src/**"
],
[
"/**"
],
[
"#*",
"#*/**"
],
":PATH:"
]
}
}
}
}
},
"linter": {
"enabled": true,
"rules": {
"recommended": true,
"correctness": {
"useUniqueElementIds": "off"
},
"suspicious": {
"noExplicitAny": "off"
},
"performance": {
"noDelete": "off"
},
"nursery": "off",
"a11y": {
"useSemanticElements": "off",
"useValidAnchor": "off"
},
"style": {
"noParameterAssign": "error",
"useAsConstAssertion": "error",
"useDefaultParameterLast": "error",
"useEnumInitializers": "error",
"useSelfClosingElements": "error",
"useSingleVarDeclarator": "error",
"noUnusedTemplateLiteral": "error",
"useNumberNamespace": "error",
"noInferrableTypes": "error",
"noUselessElse": "error"
}
}
}
}

29
backend/db.js
View File

@@ -1,19 +1,14 @@
import knex from "knex"; const config = require('./lib/config');
import {configGet, configHas} from "./lib/config.js";
const generateDbConfig = () => { if (!config.has('database')) {
if (!configHas("database")) { throw new Error('Database config does not exist! Please read the instructions: https://nginxproxymanager.com/setup/');
throw new Error( }
"Database config does not exist! Please read the instructions: https://nginxproxymanager.com/setup/",
);
}
const cfg = configGet("database"); function generateDbConfig() {
const cfg = config.get('database');
if (cfg.engine === "knex-native") { if (cfg.engine === 'knex-native') {
return cfg.knex; return cfg.knex;
} }
return { return {
client: cfg.engine, client: cfg.engine,
connection: { connection: {
@@ -21,12 +16,12 @@ const generateDbConfig = () => {
user: cfg.user, user: cfg.user,
password: cfg.password, password: cfg.password,
database: cfg.name, database: cfg.name,
port: cfg.port, port: cfg.port
}, },
migrations: { migrations: {
tableName: "migrations", tableName: 'migrations'
}, }
}; };
}; }
export default knex(generateDbConfig()); module.exports = require('knex')(generateDbConfig());

45
backend/index.js
View File

@@ -1,47 +1,37 @@
#!/usr/bin/env node #!/usr/bin/env node
import app from "./app.js"; const schema = require('./schema');
import internalCertificate from "./internal/certificate.js"; const logger = require('./logger').global;
import internalIpRanges from "./internal/ip_ranges.js";
import { global as logger } from "./logger.js";
import { migrateUp } from "./migrate.js";
import { getCompiledSchema } from "./schema/index.js";
import setup from "./setup.js";
const IP_RANGES_FETCH_ENABLED = process.env.IP_RANGES_FETCH_ENABLED !== "false"; async function appStart () {
const migrate = require('./migrate');
const setup = require('./setup');
const app = require('./app');
const internalCertificate = require('./internal/certificate');
const internalIpRanges = require('./internal/ip_ranges');
async function appStart() { return migrate.latest()
return migrateUp()
.then(setup) .then(setup)
.then(getCompiledSchema) .then(schema.getCompiledSchema)
.then(() => { .then(internalIpRanges.fetch)
if (!IP_RANGES_FETCH_ENABLED) {
logger.info("IP Ranges fetch is disabled by environment variable");
return;
}
logger.info("IP Ranges fetch is enabled");
return internalIpRanges.fetch().catch((err) => {
logger.error("IP Ranges fetch failed, continuing anyway:", err.message);
});
})
.then(() => { .then(() => {
internalCertificate.initTimer(); internalCertificate.initTimer();
internalIpRanges.initTimer(); internalIpRanges.initTimer();
const server = app.listen(3000, () => { const server = app.listen(3000, () => {
logger.info(`Backend PID ${process.pid} listening on port 3000 ...`); logger.info('Backend PID ' + process.pid + ' listening on port 3000 ...');
process.on("SIGTERM", () => { process.on('SIGTERM', () => {
logger.info(`PID ${process.pid} received SIGTERM`); logger.info('PID ' + process.pid + ' received SIGTERM');
server.close(() => { server.close(() => {
logger.info("Stopping."); logger.info('Stopping.');
process.exit(0); process.exit(0);
}); });
}); });
}); });
}) })
.catch((err) => { .catch((err) => {
logger.error(`Startup Error: ${err.message}`, err); logger.error(err.message, err);
setTimeout(appStart, 1000); setTimeout(appStart, 1000);
}); });
} }
@@ -49,6 +39,7 @@ async function appStart() {
try { try {
appStart(); appStart();
} catch (err) { } catch (err) {
logger.fatal(err); logger.error(err.message, err);
process.exit(1); process.exit(1);
} }

530
backend/internal/access-list.js
View File

@@ -1,94 +1,103 @@
import fs from "node:fs"; const _ = require('lodash');
import batchflow from "batchflow"; const fs = require('fs');
import _ from "lodash"; const batchflow = require('batchflow');
import errs from "../lib/error.js"; const logger = require('../logger').access;
import utils from "../lib/utils.js"; const error = require('../lib/error');
import { access as logger } from "../logger.js"; const utils = require('../lib/utils');
import accessListModel from "../models/access_list.js"; const accessListModel = require('../models/access_list');
import accessListAuthModel from "../models/access_list_auth.js"; const accessListAuthModel = require('../models/access_list_auth');
import accessListClientModel from "../models/access_list_client.js"; const accessListClientModel = require('../models/access_list_client');
import proxyHostModel from "../models/proxy_host.js"; const proxyHostModel = require('../models/proxy_host');
import internalAuditLog from "./audit-log.js"; const internalAuditLog = require('./audit-log');
import internalNginx from "./nginx.js"; const internalNginx = require('./nginx');
const omissions = () => { function omissions () {
return ["is_deleted"]; return ['is_deleted'];
}; }
const internalAccessList = { const internalAccessList = {
/** /**
* @param {Access} access * @param {Access} access
* @param {Object} data * @param {Object} data
* @returns {Promise} * @returns {Promise}
*/ */
create: async (access, data) => { create: (access, data) => {
await access.can("access_lists:create", data); return access.can('access_lists:create', data)
const row = await accessListModel .then((/*access_data*/) => {
return accessListModel
.query() .query()
.insertAndFetch({ .insertAndFetch({
name: data.name, name: data.name,
satisfy_any: data.satisfy_any, satisfy_any: data.satisfy_any,
pass_auth: data.pass_auth, pass_auth: data.pass_auth,
owner_user_id: access.token.getUserId(1), owner_user_id: access.token.getUserId(1)
}) })
.then(utils.omitRow(omissions())); .then(utils.omitRow(omissions()));
})
.then((row) => {
data.id = row.id; data.id = row.id;
const promises = []; let promises = [];
// Items
// Now add the items
data.items.map((item) => { data.items.map((item) => {
promises.push( promises.push(accessListAuthModel
accessListAuthModel.query().insert({ .query()
.insert({
access_list_id: row.id, access_list_id: row.id,
username: item.username, username: item.username,
password: item.password, password: item.password
}), })
); );
return true;
}); });
// Clients // Now add the clients
data.clients?.map((client) => { if (typeof data.clients !== 'undefined' && data.clients) {
promises.push( data.clients.map((client) => {
accessListClientModel.query().insert({ promises.push(accessListClientModel
.query()
.insert({
access_list_id: row.id, access_list_id: row.id,
address: client.address, address: client.address,
directive: client.directive, directive: client.directive
}), })
); );
return true;
}); });
await Promise.all(promises);
// re-fetch with expansions
const freshRow = await internalAccessList.get(
access,
{
id: data.id,
expand: ["owner", "items", "clients", "proxy_hosts.access_list.[clients,items]"],
},
true // skip masking
);
// Audit log
data.meta = _.assign({}, data.meta || {}, freshRow.meta);
await internalAccessList.build(freshRow);
if (Number.parseInt(freshRow.proxy_host_count, 10)) {
await internalNginx.bulkGenerateConfigs("proxy_host", freshRow.proxy_hosts);
} }
// Add to audit log return Promise.all(promises);
await internalAuditLog.add(access, { })
action: "created", .then(() => {
object_type: "access-list", // re-fetch with expansions
object_id: freshRow.id, return internalAccessList.get(access, {
meta: internalAccessList.maskItems(data), id: data.id,
}); expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]']
}, true /* <- skip masking */);
})
.then((row) => {
// Audit log
data.meta = _.assign({}, data.meta || {}, row.meta);
return internalAccessList.maskItems(freshRow); return internalAccessList.build(row)
.then(() => {
if (row.proxy_host_count) {
return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
}
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
action: 'created',
object_type: 'access-list',
object_id: row.id,
meta: internalAccessList.maskItems(data)
});
})
.then(() => {
return internalAccessList.maskItems(row);
});
});
}, },
/** /**
@@ -99,107 +108,129 @@ const internalAccessList = {
* @param {String} [data.items] * @param {String} [data.items]
* @return {Promise} * @return {Promise}
*/ */
update: async (access, data) => { update: (access, data) => {
await access.can("access_lists:update", data.id); return access.can('access_lists:update', data.id)
const row = await internalAccessList.get(access, { id: data.id }); .then((/*access_data*/) => {
return internalAccessList.get(access, {id: data.id});
})
.then((row) => {
if (row.id !== data.id) { if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('Access List could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
`Access List could not be updated, IDs do not match: ${row.id} !== ${data.id}`,
);
} }
})
.then(() => {
// patch name if specified // patch name if specified
if (typeof data.name !== "undefined" && data.name) { if (typeof data.name !== 'undefined' && data.name) {
await accessListModel.query().where({ id: data.id }).patch({ return accessListModel
.query()
.where({id: data.id})
.patch({
name: data.name, name: data.name,
satisfy_any: data.satisfy_any, satisfy_any: data.satisfy_any,
pass_auth: data.pass_auth, pass_auth: data.pass_auth,
}); });
} }
})
.then(() => {
// Check for items and add/update/remove them // Check for items and add/update/remove them
if (typeof data.items !== "undefined" && data.items) { if (typeof data.items !== 'undefined' && data.items) {
const promises = []; let promises = [];
const itemsToKeep = []; let items_to_keep = [];
data.items.map((item) => { data.items.map(function (item) {
if (item.password) { if (item.password) {
promises.push( promises.push(accessListAuthModel
accessListAuthModel.query().insert({ .query()
.insert({
access_list_id: data.id, access_list_id: data.id,
username: item.username, username: item.username,
password: item.password, password: item.password
}), })
); );
} else { } else {
// This was supplied with an empty password, which means keep it but don't change the password // This was supplied with an empty password, which means keep it but don't change the password
itemsToKeep.push(item.username); items_to_keep.push(item.username);
} }
return true;
}); });
const query = accessListAuthModel.query().delete().where("access_list_id", data.id); let query = accessListAuthModel
.query()
.delete()
.where('access_list_id', data.id);
if (itemsToKeep.length) { if (items_to_keep.length) {
query.andWhere("username", "NOT IN", itemsToKeep); query.andWhere('username', 'NOT IN', items_to_keep);
} }
await query; return query
.then(() => {
// Add new items // Add new items
if (promises.length) { if (promises.length) {
await Promise.all(promises); return Promise.all(promises);
} }
});
} }
})
.then(() => {
// Check for clients and add/update/remove them // Check for clients and add/update/remove them
if (typeof data.clients !== "undefined" && data.clients) { if (typeof data.clients !== 'undefined' && data.clients) {
const clientPromises = []; let promises = [];
data.clients.map((client) => {
data.clients.map(function (client) {
if (client.address) { if (client.address) {
clientPromises.push( promises.push(accessListClientModel
accessListClientModel.query().insert({ .query()
.insert({
access_list_id: data.id, access_list_id: data.id,
address: client.address, address: client.address,
directive: client.directive, directive: client.directive
}), })
); );
} }
return true;
}); });
const query = accessListClientModel.query().delete().where("access_list_id", data.id); let query = accessListClientModel
await query; .query()
// Add new clitens .delete()
if (clientPromises.length) { .where('access_list_id', data.id);
await Promise.all(clientPromises);
}
}
return query
.then(() => {
// Add new items
if (promises.length) {
return Promise.all(promises);
}
});
}
})
.then(() => {
// Add to audit log // Add to audit log
await internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "updated", action: 'updated',
object_type: "access-list", object_type: 'access-list',
object_id: data.id, object_id: data.id,
meta: internalAccessList.maskItems(data), meta: internalAccessList.maskItems(data)
}); });
})
.then(() => {
// re-fetch with expansions // re-fetch with expansions
const freshRow = await internalAccessList.get( return internalAccessList.get(access, {
access,
{
id: data.id, id: data.id,
expand: ["owner", "items", "clients", "proxy_hosts.[certificate,access_list.[clients,items]]"], expand: ['owner', 'items', 'clients', 'proxy_hosts.[certificate,access_list.[clients,items]]']
}, }, true /* <- skip masking */);
true // skip masking })
); .then((row) => {
return internalAccessList.build(row)
await internalAccessList.build(freshRow) .then(() => {
if (Number.parseInt(freshRow.proxy_host_count, 10)) { if (row.proxy_host_count) {
await internalNginx.bulkGenerateConfigs("proxy_host", freshRow.proxy_hosts); return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
} }
await internalNginx.reload(); }).then(internalNginx.reload)
return internalAccessList.maskItems(freshRow); .then(() => {
return internalAccessList.maskItems(row);
});
});
}, },
/** /**
@@ -208,50 +239,48 @@ const internalAccessList = {
* @param {Integer} data.id * @param {Integer} data.id
* @param {Array} [data.expand] * @param {Array} [data.expand]
* @param {Array} [data.omit] * @param {Array} [data.omit]
* @param {Boolean} [skipMasking] * @param {Boolean} [skip_masking]
* @return {Promise} * @return {Promise}
*/ */
get: async (access, data, skipMasking) => { get: (access, data, skip_masking) => {
const thisData = data || {}; if (typeof data === 'undefined') {
const accessData = await access.can("access_lists:get", thisData.id) data = {};
}
const query = accessListModel return access.can('access_lists:get', data.id)
.then((access_data) => {
let query = accessListModel
.query() .query()
.select("access_list.*", accessListModel.raw("COUNT(proxy_host.id) as proxy_host_count")) .select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
.leftJoin("proxy_host", function () { .joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
this.on("proxy_host.access_list_id", "=", "access_list.id").andOn( .where('access_list.is_deleted', 0)
"proxy_host.is_deleted", .andWhere('access_list.id', data.id)
"=", .allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]')
0,
);
})
.where("access_list.is_deleted", 0)
.andWhere("access_list.id", thisData.id)
.groupBy("access_list.id")
.allowGraph("[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]")
.first(); .first();
if (accessData.permission_visibility !== "all") { if (access_data.permission_visibility !== 'all') {
query.andWhere("access_list.owner_user_id", access.token.getUserId(1)); query.andWhere('access_list.owner_user_id', access.token.getUserId(1));
} }
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) { if (typeof data.expand !== 'undefined' && data.expand !== null) {
query.withGraphFetched(`[${thisData.expand.join(", ")}]`); query.withGraphFetched('[' + data.expand.join(', ') + ']');
} }
let row = await query.then(utils.omitRow(omissions())); return query.then(utils.omitRow(omissions()));
})
.then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(thisData.id); throw new error.ItemNotFoundError(data.id);
} }
if (!skipMasking && typeof row.items !== "undefined" && row.items) { if (!skip_masking && typeof row.items !== 'undefined' && row.items) {
row = internalAccessList.maskItems(row); row = internalAccessList.maskItems(row);
} }
// Custom omissions // Custom omissions
if (typeof data.omit !== "undefined" && data.omit !== null) { if (typeof data.omit !== 'undefined' && data.omit !== null) {
row = _.omit(row, data.omit); row = _.omit(row, data.omit);
} }
return row; return row;
});
}, },
/** /**
@@ -261,15 +290,14 @@ const internalAccessList = {
* @param {String} [data.reason] * @param {String} [data.reason]
* @returns {Promise} * @returns {Promise}
*/ */
delete: async (access, data) => { delete: (access, data) => {
await access.can("access_lists:delete", data.id); return access.can('access_lists:delete', data.id)
const row = await internalAccessList.get(access, { .then(() => {
id: data.id, return internalAccessList.get(access, {id: data.id, expand: ['proxy_hosts', 'items', 'clients']});
expand: ["proxy_hosts", "items", "clients"], })
}); .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} }
// 1. update row to be deleted // 1. update row to be deleted
@@ -278,47 +306,57 @@ const internalAccessList = {
// 4. audit log // 4. audit log
// 1. update row to be deleted // 1. update row to be deleted
await accessListModel return accessListModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
is_deleted: 1, is_deleted: 1
}); })
.then(() => {
// 2. update any proxy hosts that were using it (ignoring permissions) // 2. update any proxy hosts that were using it (ignoring permissions)
if (row.proxy_hosts) { if (row.proxy_hosts) {
await proxyHostModel return proxyHostModel
.query() .query()
.where("access_list_id", "=", row.id) .where('access_list_id', '=', row.id)
.patch({ access_list_id: 0 }); .patch({access_list_id: 0})
.then(() => {
// 3. reconfigure those hosts, then reload nginx // 3. reconfigure those hosts, then reload nginx
// set the access_list_id to zero for these items // set the access_list_id to zero for these items
row.proxy_hosts.map((_val, idx) => { row.proxy_hosts.map(function (val, idx) {
row.proxy_hosts[idx].access_list_id = 0; row.proxy_hosts[idx].access_list_id = 0;
return true;
}); });
await internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts); return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
})
.then(() => {
return internalNginx.reload();
});
} }
})
await internalNginx.reload(); .then(() => {
// delete the htpasswd file // delete the htpasswd file
let htpasswd_file = internalAccessList.getFilename(row);
try { try {
fs.unlinkSync(internalAccessList.getFilename(row)); fs.unlinkSync(htpasswd_file);
} catch (_err) { } catch (err) {
// do nothing // do nothing
} }
})
.then(() => {
// 4. audit log // 4. audit log
await internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "deleted", action: 'deleted',
object_type: "access-list", object_type: 'access-list',
object_id: row.id, object_id: row.id,
meta: _.omit(internalAccessList.maskItems(row), ["is_deleted", "proxy_hosts"]), meta: _.omit(internalAccessList.maskItems(row), ['is_deleted', 'proxy_hosts'])
}); });
});
})
.then(() => {
return true; return true;
});
}, },
/** /**
@@ -326,73 +364,72 @@ const internalAccessList = {
* *
* @param {Access} access * @param {Access} access
* @param {Array} [expand] * @param {Array} [expand]
* @param {String} [searchQuery] * @param {String} [search_query]
* @returns {Promise} * @returns {Promise}
*/ */
getAll: async (access, expand, searchQuery) => { getAll: (access, expand, search_query) => {
const accessData = await access.can("access_lists:list"); return access.can('access_lists:list')
.then((access_data) => {
const query = accessListModel let query = accessListModel
.query() .query()
.select("access_list.*", accessListModel.raw("COUNT(proxy_host.id) as proxy_host_count")) .select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count'))
.leftJoin("proxy_host", function () { .joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
this.on("proxy_host.access_list_id", "=", "access_list.id").andOn( .where('access_list.is_deleted', 0)
"proxy_host.is_deleted", .groupBy('access_list.id')
"=", .allowGraph('[owner,items,clients]')
0, .orderBy('access_list.name', 'ASC');
);
})
.where("access_list.is_deleted", 0)
.groupBy("access_list.id")
.allowGraph("[owner,items,clients]")
.orderBy("access_list.name", "ASC");
if (accessData.permission_visibility !== "all") { if (access_data.permission_visibility !== 'all') {
query.andWhere("access_list.owner_user_id", access.token.getUserId(1)); query.andWhere('access_list.owner_user_id', access.token.getUserId(1));
} }
// Query is used for searching // Query is used for searching
if (typeof searchQuery === "string") { if (typeof search_query === 'string') {
query.where(function () { query.where(function () {
this.where("name", "like", `%${searchQuery}%`); this.where('name', 'like', '%' + search_query + '%');
}); });
} }
if (typeof expand !== "undefined" && expand !== null) { if (typeof expand !== 'undefined' && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`); query.withGraphFetched('[' + expand.join(', ') + ']');
} }
const rows = await query.then(utils.omitRows(omissions())); return query.then(utils.omitRows(omissions()));
})
.then((rows) => {
if (rows) { if (rows) {
rows.map((row, idx) => { rows.map(function (row, idx) {
if (typeof row.items !== "undefined" && row.items) { if (typeof row.items !== 'undefined' && row.items) {
rows[idx] = internalAccessList.maskItems(row); rows[idx] = internalAccessList.maskItems(row);
} }
return true;
}); });
} }
return rows; return rows;
});
}, },
/** /**
* Count is used in reports * Report use
* *
* @param {Integer} userId * @param {Integer} user_id
* @param {String} visibility * @param {String} visibility
* @returns {Promise} * @returns {Promise}
*/ */
getCount: async (userId, visibility) => { getCount: (user_id, visibility) => {
const query = accessListModel let query = accessListModel
.query() .query()
.count("id as count") .count('id as count')
.where("is_deleted", 0); .where('is_deleted', 0);
if (visibility !== "all") { if (visibility !== 'all') {
query.andWhere("owner_user_id", userId); query.andWhere('owner_user_id', user_id);
} }
const row = await query.first(); return query.first()
return Number.parseInt(row.count, 10); .then((row) => {
return parseInt(row.count, 10);
});
}, },
/** /**
@@ -400,21 +437,21 @@ const internalAccessList = {
* @returns {Object} * @returns {Object}
*/ */
maskItems: (list) => { maskItems: (list) => {
if (list && typeof list.items !== "undefined") { if (list && typeof list.items !== 'undefined') {
list.items.map((val, idx) => { list.items.map(function (val, idx) {
let repeatFor = 8; let repeat_for = 8;
let firstChar = "*"; let first_char = '*';
if (typeof val.password !== "undefined" && val.password) { if (typeof val.password !== 'undefined' && val.password) {
repeatFor = val.password.length - 1; repeat_for = val.password.length - 1;
firstChar = val.password.charAt(0); first_char = val.password.charAt(0);
} }
list.items[idx].hint = firstChar + "*".repeat(repeatFor); list.items[idx].hint = first_char + ('*').repeat(repeat_for);
list.items[idx].password = ""; list.items[idx].password = '';
return true;
}); });
} }
return list; return list;
}, },
@@ -424,7 +461,7 @@ const internalAccessList = {
* @returns {String} * @returns {String}
*/ */
getFilename: (list) => { getFilename: (list) => {
return `/data/access/${list.id}`; return '/data/access/' + list.id;
}, },
/** /**
@@ -434,36 +471,38 @@ const internalAccessList = {
* @param {Array} list.items * @param {Array} list.items
* @returns {Promise} * @returns {Promise}
*/ */
build: async (list) => { build: (list) => {
logger.info(`Building Access file #${list.id} for: ${list.name}`); logger.info('Building Access file #' + list.id + ' for: ' + list.name);
const htpasswdFile = internalAccessList.getFilename(list); return new Promise((resolve, reject) => {
let htpasswd_file = internalAccessList.getFilename(list);
// 1. remove any existing access file // 1. remove any existing access file
try { try {
fs.unlinkSync(htpasswdFile); fs.unlinkSync(htpasswd_file);
} catch (_err) { } catch (err) {
// do nothing // do nothing
} }
// 2. create empty access file // 2. create empty access file
fs.writeFileSync(htpasswdFile, '', {encoding: 'utf8'});
// 3. generate password for each user
if (list.items.length) {
await new Promise((resolve, reject) => {
batchflow(list.items).sequential()
.each((_i, item, next) => {
if (item.password?.length) {
logger.info(`Adding: ${item.username}`);
utils.execFile('openssl', ['passwd', '-apr1', item.password])
.then((res) => {
try { try {
fs.appendFileSync(htpasswdFile, `${item.username}:${res}\n`, {encoding: 'utf8'}); fs.writeFileSync(htpasswd_file, '', {encoding: 'utf8'});
resolve(htpasswd_file);
} catch (err) { } catch (err) {
reject(err); reject(err);
} }
})
.then((htpasswd_file) => {
// 3. generate password for each user
if (list.items.length) {
return new Promise((resolve, reject) => {
batchflow(list.items).sequential()
.each((i, item, next) => {
if (typeof item.password !== 'undefined' && item.password.length) {
logger.info('Adding: ' + item.username);
utils.execFile('/usr/bin/htpasswd', ['-b', htpasswd_file, item.username, item.password])
.then((/*result*/) => {
next(); next();
}) })
.catch((err) => { .catch((err) => {
@@ -477,12 +516,13 @@ const internalAccessList = {
reject(err); reject(err);
}) })
.end((results) => { .end((results) => {
logger.success(`Built Access file #${list.id} for: ${list.name}`); logger.success('Built Access file #' + list.id + ' for: ' + list.name);
resolve(results); resolve(results);
}); });
}); });
} }
});
} }
} };
export default internalAccessList; module.exports = internalAccessList;

88
backend/internal/audit-log.js
View File

@@ -1,6 +1,5 @@
import errs from "../lib/error.js"; const error = require('../lib/error');
import { castJsonIfNeed } from "../lib/helpers.js"; const auditLogModel = require('../models/audit-log');
import auditLogModel from "../models/audit-log.js";
const internalAuditLog = { const internalAuditLog = {
@@ -9,60 +8,32 @@ const internalAuditLog = {
* *
* @param {Access} access * @param {Access} access
* @param {Array} [expand] * @param {Array} [expand]
* @param {String} [searchQuery] * @param {String} [search_query]
* @returns {Promise} * @returns {Promise}
*/ */
getAll: async (access, expand, searchQuery) => { getAll: (access, expand, search_query) => {
await access.can("auditlog:list"); return access.can('auditlog:list')
.then(() => {
const query = auditLogModel let query = auditLogModel
.query() .query()
.orderBy("created_on", "DESC") .orderBy('created_on', 'DESC')
.orderBy("id", "DESC") .orderBy('id', 'DESC')
.limit(100) .limit(100)
.allowGraph("[user]"); .allowGraph('[user]');
// Query is used for searching // Query is used for searching
if (typeof searchQuery === "string" && searchQuery.length > 0) { if (typeof search_query === 'string') {
query.where(function () { query.where(function () {
this.where(castJsonIfNeed("meta"), "like", `%${searchQuery}`); this.where('meta', 'like', '%' + search_query + '%');
}); });
} }
if (typeof expand !== "undefined" && expand !== null) { if (typeof expand !== 'undefined' && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`); query.withGraphFetched('[' + expand.join(', ') + ']');
} }
return await query; return query;
}, });
/**
* @param {Access} access
* @param {Object} [data]
* @param {Integer} [data.id] Defaults to the token user
* @param {Array} [data.expand]
* @return {Promise}
*/
get: async (access, data) => {
await access.can("auditlog:list");
const query = auditLogModel
.query()
.andWhere("id", data.id)
.allowGraph("[user]")
.first();
if (typeof data.expand !== "undefined" && data.expand !== null) {
query.withGraphFetched(`[${data.expand.join(", ")}]`);
}
const row = await query;
if (!row?.id) {
throw new errs.ItemNotFoundError(data.id);
}
return row;
}, },
/** /**
@@ -79,24 +50,29 @@ const internalAuditLog = {
* @param {Object} [data.meta] * @param {Object} [data.meta]
* @returns {Promise} * @returns {Promise}
*/ */
add: async (access, data) => { add: (access, data) => {
if (typeof data.user_id === "undefined" || !data.user_id) { return new Promise((resolve, reject) => {
// Default the user id
if (typeof data.user_id === 'undefined' || !data.user_id) {
data.user_id = access.token.getUserId(1); data.user_id = access.token.getUserId(1);
} }
if (typeof data.action === "undefined" || !data.action) { if (typeof data.action === 'undefined' || !data.action) {
throw new errs.InternalValidationError("Audit log entry must contain an Action"); reject(new error.InternalValidationError('Audit log entry must contain an Action'));
} } else {
// Make sure at least 1 of the IDs are set and action // Make sure at least 1 of the IDs are set and action
return await auditLogModel.query().insert({ resolve(auditLogModel
.query()
.insert({
user_id: data.user_id, user_id: data.user_id,
action: data.action, action: data.action,
object_type: data.object_type || "", object_type: data.object_type || '',
object_id: data.object_id || 0, object_id: data.object_id || 0,
meta: data.meta || {}, meta: data.meta || {}
}));
}
}); });
}, }
}; };
export default internalAuditLog; module.exports = internalAuditLog;

1262
backend/internal/certificate.js
View File

File diff suppressed because it is too large Load Diff

486
backend/internal/dead-host.js
View File

@@ -1,96 +1,109 @@
import _ from "lodash"; const _ = require('lodash');
import errs from "../lib/error.js"; const error = require('../lib/error');
import { castJsonIfNeed } from "../lib/helpers.js"; const utils = require('../lib/utils');
import utils from "../lib/utils.js"; const deadHostModel = require('../models/dead_host');
import deadHostModel from "../models/dead_host.js"; const internalHost = require('./host');
import internalAuditLog from "./audit-log.js"; const internalNginx = require('./nginx');
import internalCertificate from "./certificate.js"; const internalAuditLog = require('./audit-log');
import internalHost from "./host.js"; const internalCertificate = require('./certificate');
import internalNginx from "./nginx.js";
const omissions = () => { function omissions () {
return ["is_deleted"]; return ['is_deleted'];
}; }
const internalDeadHost = { const internalDeadHost = {
/** /**
* @param {Access} access * @param {Access} access
* @param {Object} data * @param {Object} data
* @returns {Promise} * @returns {Promise}
*/ */
create: async (access, data) => { create: (access, data) => {
const createCertificate = data.certificate_id === "new"; let create_certificate = data.certificate_id === 'new';
if (createCertificate) { if (create_certificate) {
delete data.certificate_id; delete data.certificate_id;
} }
await access.can("dead_hosts:create", data); return access.can('dead_hosts:create', data)
.then((/*access_data*/) => {
// Get a list of the domain names and check each of them against existing records // Get a list of the domain names and check each of them against existing records
const domainNameCheckPromises = []; let domain_name_check_promises = [];
data.domain_names.map((domain_name) => { data.domain_names.map(function (domain_name) {
domainNameCheckPromises.push(internalHost.isHostnameTaken(domain_name)); domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
return true;
}); });
await Promise.all(domainNameCheckPromises).then((check_results) => { return Promise.all(domain_name_check_promises)
check_results.map((result) => { .then((check_results) => {
check_results.map(function (result) {
if (result.is_taken) { if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`); throw new error.ValidationError(result.hostname + ' is already in use');
} }
return true;
}); });
}); });
})
.then(() => {
// At this point the domains should have been checked // At this point the domains should have been checked
data.owner_user_id = access.token.getUserId(1); data.owner_user_id = access.token.getUserId(1);
const thisData = internalHost.cleanSslHstsData(data); data = internalHost.cleanSslHstsData(data);
// Fix for db field not having a default value // Fix for db field not having a default value
// for this optional field. // for this optional field.
if (typeof data.advanced_config === "undefined") { if (typeof data.advanced_config === 'undefined') {
thisData.advanced_config = ""; data.advanced_config = '';
} }
const row = await deadHostModel.query() return deadHostModel
.insertAndFetch(thisData) .query()
.insertAndFetch(data)
.then(utils.omitRow(omissions())); .then(utils.omitRow(omissions()));
})
.then((row) => {
if (create_certificate) {
return internalCertificate.createQuickCertificate(access, data)
.then((cert) => {
// update host with cert id
return internalDeadHost.update(access, {
id: row.id,
certificate_id: cert.id
});
})
.then(() => {
return row;
});
} else {
return row;
}
})
.then((row) => {
// re-fetch with cert
return internalDeadHost.get(access, {
id: row.id,
expand: ['certificate', 'owner']
});
})
.then((row) => {
// Configure nginx
return internalNginx.configure(deadHostModel, 'dead_host', row)
.then(() => {
return row;
});
})
.then((row) => {
data.meta = _.assign({}, data.meta || {}, row.meta);
// Add to audit log // Add to audit log
await internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "created", action: 'created',
object_type: "dead-host", object_type: 'dead-host',
object_id: row.id, object_id: row.id,
meta: thisData, meta: data
})
.then(() => {
return row;
}); });
if (createCertificate) {
const cert = await internalCertificate.createQuickCertificate(access, data);
// update host with cert id
await internalDeadHost.update(access, {
id: row.id,
certificate_id: cert.id,
}); });
}
// re-fetch with cert
const freshRow = await internalDeadHost.get(access, {
id: row.id,
expand: ["certificate", "owner"],
});
// Sanity check
if (createCertificate && !freshRow.certificate_id) {
throw new errs.InternalValidationError("The host was created but the Certificate creation failed.");
}
// Configure nginx
await internalNginx.configure(deadHostModel, "dead_host", freshRow);
return freshRow;
}, },
/** /**
@@ -99,85 +112,98 @@ const internalDeadHost = {
* @param {Number} data.id * @param {Number} data.id
* @return {Promise} * @return {Promise}
*/ */
update: async (access, data) => { update: (access, data) => {
const createCertificate = data.certificate_id === "new"; let create_certificate = data.certificate_id === 'new';
if (createCertificate) {
if (create_certificate) {
delete data.certificate_id; delete data.certificate_id;
} }
await access.can("dead_hosts:update", data.id); return access.can('dead_hosts:update', data.id)
.then((/*access_data*/) => {
// Get a list of the domain names and check each of them against existing records // Get a list of the domain names and check each of them against existing records
const domainNameCheckPromises = []; let domain_name_check_promises = [];
if (typeof data.domain_names !== "undefined") {
data.domain_names.map((domainName) => { if (typeof data.domain_names !== 'undefined') {
domainNameCheckPromises.push(internalHost.isHostnameTaken(domainName, "dead", data.id)); data.domain_names.map(function (domain_name) {
return true; domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, 'dead', data.id));
}); });
const checkResults = await Promise.all(domainNameCheckPromises); return Promise.all(domain_name_check_promises)
checkResults.map((result) => { .then((check_results) => {
check_results.map(function (result) {
if (result.is_taken) { if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`); throw new error.ValidationError(result.hostname + ' is already in use');
} }
return true; });
}); });
} }
const row = await internalDeadHost.get(access, { id: data.id }); })
.then(() => {
return internalDeadHost.get(access, {id: data.id});
})
.then((row) => {
if (row.id !== data.id) { if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('404 Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
`404 Host could not be updated, IDs do not match: ${row.id} !== ${data.id}`,
);
} }
if (createCertificate) { if (create_certificate) {
const cert = await internalCertificate.createQuickCertificate(access, { return internalCertificate.createQuickCertificate(access, {
domain_names: data.domain_names || row.domain_names, domain_names: data.domain_names || row.domain_names,
meta: _.assign({}, row.meta, data.meta), meta: _.assign({}, row.meta, data.meta)
}); })
.then((cert) => {
// update host with cert id // update host with cert id
data.certificate_id = cert.id; data.certificate_id = cert.id;
})
.then(() => {
return row;
});
} else {
return row;
} }
})
.then((row) => {
// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here. // Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
let thisData = _.assign( data = _.assign({}, {
{}, domain_names: row.domain_names
{ }, data);
domain_names: row.domain_names,
},
data,
);
thisData = internalHost.cleanSslHstsData(thisData, row); data = internalHost.cleanSslHstsData(data, row);
return deadHostModel
// do the row update
await deadHostModel
.query() .query()
.where({id: data.id}) .where({id: data.id})
.patch(data); .patch(data)
.then((saved_row) => {
// Add to audit log // Add to audit log
await internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "updated", action: 'updated',
object_type: "dead-host", object_type: 'dead-host',
object_id: row.id, object_id: row.id,
meta: thisData, meta: data
})
.then(() => {
return _.omit(saved_row, omissions());
}); });
const thisRow = await internalDeadHost
.get(access, {
id: thisData.id,
expand: ["owner", "certificate"],
}); });
})
.then(() => {
return internalDeadHost.get(access, {
id: data.id,
expand: ['owner', 'certificate']
})
.then((row) => {
// Configure nginx // Configure nginx
const newMeta = await internalNginx.configure(deadHostModel, "dead_host", row); return internalNginx.configure(deadHostModel, 'dead_host', row)
row.meta = newMeta; .then((new_meta) => {
return _.omit(internalHost.cleanRowCertificateMeta(thisRow), omissions()); row.meta = new_meta;
row = internalHost.cleanRowCertificateMeta(row);
return _.omit(row, omissions());
});
});
});
}, },
/** /**
@@ -188,32 +214,40 @@ const internalDeadHost = {
* @param {Array} [data.omit] * @param {Array} [data.omit]
* @return {Promise} * @return {Promise}
*/ */
get: async (access, data) => { get: (access, data) => {
const accessData = await access.can("dead_hosts:get", data.id); if (typeof data === 'undefined') {
const query = deadHostModel data = {};
}
return access.can('dead_hosts:get', data.id)
.then((access_data) => {
let query = deadHostModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.andWhere("id", data.id) .andWhere('id', data.id)
.allowGraph("[owner,certificate]") .allowGraph('[owner,certificate]')
.first(); .first();
if (accessData.permission_visibility !== "all") { if (access_data.permission_visibility !== 'all') {
query.andWhere("owner_user_id", access.token.getUserId(1)); query.andWhere('owner_user_id', access.token.getUserId(1));
} }
if (typeof data.expand !== "undefined" && data.expand !== null) { if (typeof data.expand !== 'undefined' && data.expand !== null) {
query.withGraphFetched(`[${data.expand.join(", ")}]`); query.withGraphFetched('[' + data.expand.join(', ') + ']');
} }
const row = await query.then(utils.omitRow(omissions())); return query.then(utils.omitRow(omissions()));
})
.then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} }
// Custom omissions // Custom omissions
if (typeof data.omit !== "undefined" && data.omit !== null) { if (typeof data.omit !== 'undefined' && data.omit !== null) {
return _.omit(row, data.omit); row = _.omit(row, data.omit);
} }
return row; return row;
});
}, },
/** /**
@@ -223,32 +257,42 @@ const internalDeadHost = {
* @param {String} [data.reason] * @param {String} [data.reason]
* @returns {Promise} * @returns {Promise}
*/ */
delete: async (access, data) => { delete: (access, data) => {
await access.can("dead_hosts:delete", data.id) return access.can('dead_hosts:delete', data.id)
const row = await internalDeadHost.get(access, { id: data.id }); .then(() => {
return internalDeadHost.get(access, {id: data.id});
})
.then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} }
await deadHostModel return deadHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
is_deleted: 1, is_deleted: 1
}); })
.then(() => {
// Delete Nginx Config // Delete Nginx Config
await internalNginx.deleteConfig("dead_host", row); return internalNginx.deleteConfig('dead_host', row)
await internalNginx.reload(); .then(() => {
return internalNginx.reload();
// Add to audit log
await internalAuditLog.add(access, {
action: "deleted",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
}); });
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
action: 'deleted',
object_type: 'dead-host',
object_id: row.id,
meta: _.omit(row, omissions())
});
});
})
.then(() => {
return true; return true;
});
}, },
/** /**
@@ -258,39 +302,46 @@ const internalDeadHost = {
* @param {String} [data.reason] * @param {String} [data.reason]
* @returns {Promise} * @returns {Promise}
*/ */
enable: async (access, data) => { enable: (access, data) => {
await access.can("dead_hosts:update", data.id) return access.can('dead_hosts:update', data.id)
const row = await internalDeadHost.get(access, { .then(() => {
return internalDeadHost.get(access, {
id: data.id, id: data.id,
expand: ["certificate", "owner"], expand: ['certificate', 'owner']
}); });
})
.then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} } else if (row.enabled) {
if (row.enabled) { throw new error.ValidationError('Host is already enabled');
throw new errs.ValidationError("Host is already enabled");
} }
row.enabled = 1; row.enabled = 1;
await deadHostModel return deadHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
enabled: 1, enabled: 1
}); })
.then(() => {
// Configure nginx // Configure nginx
await internalNginx.configure(deadHostModel, "dead_host", row); return internalNginx.configure(deadHostModel, 'dead_host', row);
})
.then(() => {
// Add to audit log // Add to audit log
await internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "enabled", action: 'enabled',
object_type: "dead-host", object_type: 'dead-host',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
});
})
.then(() => {
return true; return true;
});
}, },
/** /**
@@ -300,37 +351,46 @@ const internalDeadHost = {
* @param {String} [data.reason] * @param {String} [data.reason]
* @returns {Promise} * @returns {Promise}
*/ */
disable: async (access, data) => { disable: (access, data) => {
await access.can("dead_hosts:update", data.id) return access.can('dead_hosts:update', data.id)
const row = await internalDeadHost.get(access, { id: data.id }); .then(() => {
return internalDeadHost.get(access, {id: data.id});
})
.then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} } else if (!row.enabled) {
if (!row.enabled) { throw new error.ValidationError('Host is already disabled');
throw new errs.ValidationError("Host is already disabled");
} }
row.enabled = 0; row.enabled = 0;
await deadHostModel return deadHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
enabled: 0, enabled: 0
}); })
.then(() => {
// Delete Nginx Config // Delete Nginx Config
await internalNginx.deleteConfig("dead_host", row); return internalNginx.deleteConfig('dead_host', row)
await internalNginx.reload(); .then(() => {
return internalNginx.reload();
// Add to audit log
await internalAuditLog.add(access, {
action: "disabled",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
}); });
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
action: 'disabled',
object_type: 'dead-host',
object_id: row.id,
meta: _.omit(row, omissions())
});
});
})
.then(() => {
return true; return true;
});
}, },
/** /**
@@ -338,38 +398,43 @@ const internalDeadHost = {
* *
* @param {Access} access * @param {Access} access
* @param {Array} [expand] * @param {Array} [expand]
* @param {String} [searchQuery] * @param {String} [search_query]
* @returns {Promise} * @returns {Promise}
*/ */
getAll: async (access, expand, searchQuery) => { getAll: (access, expand, search_query) => {
const accessData = await access.can("dead_hosts:list") return access.can('dead_hosts:list')
const query = deadHostModel .then((access_data) => {
let query = deadHostModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.groupBy("id") .groupBy('id')
.allowGraph("[owner,certificate]") .allowGraph('[owner,certificate]')
.orderBy(castJsonIfNeed("domain_names"), "ASC"); .orderBy('domain_names', 'ASC');
if (accessData.permission_visibility !== "all") { if (access_data.permission_visibility !== 'all') {
query.andWhere("owner_user_id", access.token.getUserId(1)); query.andWhere('owner_user_id', access.token.getUserId(1));
} }
// Query is used for searching // Query is used for searching
if (typeof searchQuery === "string" && searchQuery.length > 0) { if (typeof search_query === 'string') {
query.where(function () { query.where(function () {
this.where(castJsonIfNeed("domain_names"), "like", `%${searchQuery}%`); this.where('domain_names', 'like', '%' + search_query + '%');
}); });
} }
if (typeof expand !== "undefined" && expand !== null) { if (typeof expand !== 'undefined' && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`); query.withGraphFetched('[' + expand.join(', ') + ']');
} }
const rows = await query.then(utils.omitRows(omissions())); return query.then(utils.omitRows(omissions()));
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) { })
internalHost.cleanAllRowsCertificateMeta(rows); .then((rows) => {
if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
return internalHost.cleanAllRowsCertificateMeta(rows);
} }
return rows; return rows;
});
}, },
/** /**
@@ -379,16 +444,21 @@ const internalDeadHost = {
* @param {String} visibility * @param {String} visibility
* @returns {Promise} * @returns {Promise}
*/ */
getCount: async (user_id, visibility) => { getCount: (user_id, visibility) => {
const query = deadHostModel.query().count("id as count").where("is_deleted", 0); let query = deadHostModel
.query()
.count('id as count')
.where('is_deleted', 0);
if (visibility !== "all") { if (visibility !== 'all') {
query.andWhere("owner_user_id", user_id); query.andWhere('owner_user_id', user_id);
} }
const row = await query.first(); return query.first()
return Number.parseInt(row.count, 10); .then((row) => {
}, return parseInt(row.count, 10);
});
}
}; };
export default internalDeadHost; module.exports = internalDeadHost;

193
backend/internal/host.js
View File

@@ -1,10 +1,10 @@
import _ from "lodash"; const _ = require('lodash');
import { castJsonIfNeed } from "../lib/helpers.js"; const proxyHostModel = require('../models/proxy_host');
import deadHostModel from "../models/dead_host.js"; const redirectionHostModel = require('../models/redirection_host');
import proxyHostModel from "../models/proxy_host.js"; const deadHostModel = require('../models/dead_host');
import redirectionHostModel from "../models/redirection_host.js";
const internalHost = { const internalHost = {
/** /**
* Makes sure that the ssl_* and hsts_* fields play nicely together. * Makes sure that the ssl_* and hsts_* fields play nicely together.
* ie: if there is no cert, then force_ssl is off. * ie: if there is no cert, then force_ssl is off.
@@ -14,23 +14,25 @@ const internalHost = {
* @param {object} [existing_data] * @param {object} [existing_data]
* @returns {object} * @returns {object}
*/ */
cleanSslHstsData: (data, existingData) => { cleanSslHstsData: function (data, existing_data) {
const combinedData = _.assign({}, existingData || {}, data); existing_data = existing_data === undefined ? {} : existing_data;
if (!combinedData.certificate_id) { let combined_data = _.assign({}, existing_data, data);
combinedData.ssl_forced = false;
combinedData.http2_support = false; if (!combined_data.certificate_id) {
combined_data.ssl_forced = false;
combined_data.http2_support = false;
} }
if (!combinedData.ssl_forced) { if (!combined_data.ssl_forced) {
combinedData.hsts_enabled = false; combined_data.hsts_enabled = false;
} }
if (!combinedData.hsts_enabled) { if (!combined_data.hsts_enabled) {
combinedData.hsts_subdomains = false; combined_data.hsts_subdomains = false;
} }
return combinedData; return combined_data;
}, },
/** /**
@@ -39,12 +41,11 @@ const internalHost = {
* @param {Array} rows * @param {Array} rows
* @returns {Array} * @returns {Array}
*/ */
cleanAllRowsCertificateMeta: (rows) => { cleanAllRowsCertificateMeta: function (rows) {
rows.map((_, idx) => { rows.map(function (row, idx) {
if (typeof rows[idx].certificate !== "undefined" && rows[idx].certificate) { if (typeof rows[idx].certificate !== 'undefined' && rows[idx].certificate) {
rows[idx].certificate.meta = {}; rows[idx].certificate.meta = {};
} }
return true;
}); });
return rows; return rows;
@@ -56,8 +57,8 @@ const internalHost = {
* @param {Object} row * @param {Object} row
* @returns {Object} * @returns {Object}
*/ */
cleanRowCertificateMeta: (row) => { cleanRowCertificateMeta: function (row) {
if (typeof row.certificate !== "undefined" && row.certificate) { if (typeof row.certificate !== 'undefined' && row.certificate) {
row.certificate.meta = {}; row.certificate.meta = {};
} }
@@ -65,33 +66,54 @@ const internalHost = {
}, },
/** /**
* This returns all the host types with any domain listed in the provided domainNames array. * This returns all the host types with any domain listed in the provided domain_names array.
* This is used by the certificates to temporarily disable any host that is using the domain * This is used by the certificates to temporarily disable any host that is using the domain
* *
* @param {Array} domainNames * @param {Array} domain_names
* @returns {Promise} * @returns {Promise}
*/ */
getHostsWithDomains: async (domainNames) => { getHostsWithDomains: function (domain_names) {
const responseObject = { let promises = [
proxyHostModel
.query()
.where('is_deleted', 0),
redirectionHostModel
.query()
.where('is_deleted', 0),
deadHostModel
.query()
.where('is_deleted', 0)
];
return Promise.all(promises)
.then((promises_results) => {
let response_object = {
total_count: 0, total_count: 0,
dead_hosts: [], dead_hosts: [],
proxy_hosts: [], proxy_hosts: [],
redirection_hosts: [], redirection_hosts: []
}; };
const proxyRes = await proxyHostModel.query().where("is_deleted", 0); if (promises_results[0]) {
responseObject.proxy_hosts = internalHost._getHostsWithDomains(proxyRes, domainNames); // Proxy Hosts
responseObject.total_count += responseObject.proxy_hosts.length; response_object.proxy_hosts = internalHost._getHostsWithDomains(promises_results[0], domain_names);
response_object.total_count += response_object.proxy_hosts.length;
}
const redirRes = await redirectionHostModel.query().where("is_deleted", 0); if (promises_results[1]) {
responseObject.redirection_hosts = internalHost._getHostsWithDomains(redirRes, domainNames); // Redirection Hosts
responseObject.total_count += responseObject.redirection_hosts.length; response_object.redirection_hosts = internalHost._getHostsWithDomains(promises_results[1], domain_names);
response_object.total_count += response_object.redirection_hosts.length;
}
const deadRes = await deadHostModel.query().where("is_deleted", 0); if (promises_results[2]) {
responseObject.dead_hosts = internalHost._getHostsWithDomains(deadRes, domainNames); // Dead Hosts
responseObject.total_count += responseObject.dead_hosts.length; response_object.dead_hosts = internalHost._getHostsWithDomains(promises_results[2], domain_names);
response_object.total_count += response_object.dead_hosts.length;
}
return responseObject; return response_object;
});
}, },
/** /**
@@ -102,67 +124,50 @@ const internalHost = {
* @param {Integer} [ignore_id] Must be supplied if type was also supplied * @param {Integer} [ignore_id] Must be supplied if type was also supplied
* @returns {Promise} * @returns {Promise}
*/ */
isHostnameTaken: (hostname, ignore_type, ignore_id) => { isHostnameTaken: function (hostname, ignore_type, ignore_id) {
const promises = [ let promises = [
proxyHostModel proxyHostModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.andWhere(castJsonIfNeed("domain_names"), "like", `%${hostname}%`), .andWhere('domain_names', 'like', '%' + hostname + '%'),
redirectionHostModel redirectionHostModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.andWhere(castJsonIfNeed("domain_names"), "like", `%${hostname}%`), .andWhere('domain_names', 'like', '%' + hostname + '%'),
deadHostModel deadHostModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.andWhere(castJsonIfNeed("domain_names"), "like", `%${hostname}%`), .andWhere('domain_names', 'like', '%' + hostname + '%')
]; ];
return Promise.all(promises).then((promises_results) => { return Promise.all(promises)
.then((promises_results) => {
let is_taken = false; let is_taken = false;
if (promises_results[0]) { if (promises_results[0]) {
// Proxy Hosts // Proxy Hosts
if ( if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[0], ignore_type === 'proxy' && ignore_id ? ignore_id : 0)) {
internalHost._checkHostnameRecordsTaken(
hostname,
promises_results[0],
ignore_type === "proxy" && ignore_id ? ignore_id : 0,
)
) {
is_taken = true; is_taken = true;
} }
} }
if (promises_results[1]) { if (promises_results[1]) {
// Redirection Hosts // Redirection Hosts
if ( if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[1], ignore_type === 'redirection' && ignore_id ? ignore_id : 0)) {
internalHost._checkHostnameRecordsTaken(
hostname,
promises_results[1],
ignore_type === "redirection" && ignore_id ? ignore_id : 0,
)
) {
is_taken = true; is_taken = true;
} }
} }
if (promises_results[2]) { if (promises_results[2]) {
// Dead Hosts // Dead Hosts
if ( if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[2], ignore_type === 'dead' && ignore_id ? ignore_id : 0)) {
internalHost._checkHostnameRecordsTaken(
hostname,
promises_results[2],
ignore_type === "dead" && ignore_id ? ignore_id : 0,
)
) {
is_taken = true; is_taken = true;
} }
} }
return { return {
hostname: hostname, hostname: hostname,
is_taken: is_taken, is_taken: is_taken
}; };
}); });
}, },
@@ -171,64 +176,60 @@ const internalHost = {
* Private call only * Private call only
* *
* @param {String} hostname * @param {String} hostname
* @param {Array} existingRows * @param {Array} existing_rows
* @param {Integer} [ignoreId] * @param {Integer} [ignore_id]
* @returns {Boolean} * @returns {Boolean}
*/ */
_checkHostnameRecordsTaken: (hostname, existingRows, ignoreId) => { _checkHostnameRecordsTaken: function (hostname, existing_rows, ignore_id) {
let isTaken = false; let is_taken = false;
if (existingRows?.length) { if (existing_rows && existing_rows.length) {
existingRows.map((existingRow) => { existing_rows.map(function (existing_row) {
existingRow.domain_names.map((existingHostname) => { existing_row.domain_names.map(function (existing_hostname) {
// Does this domain match? // Does this domain match?
if (existingHostname.toLowerCase() === hostname.toLowerCase()) { if (existing_hostname.toLowerCase() === hostname.toLowerCase()) {
if (!ignoreId || ignoreId !== existingRow.id) { if (!ignore_id || ignore_id !== existing_row.id) {
isTaken = true; is_taken = true;
} }
} }
return true;
}); });
return true;
}); });
} }
return isTaken; return is_taken;
}, },
/** /**
* Private call only * Private call only
* *
* @param {Array} hosts * @param {Array} hosts
* @param {Array} domainNames * @param {Array} domain_names
* @returns {Array} * @returns {Array}
*/ */
_getHostsWithDomains: (hosts, domainNames) => { _getHostsWithDomains: function (hosts, domain_names) {
const response = []; let response = [];
if (hosts?.length) { if (hosts && hosts.length) {
hosts.map((host) => { hosts.map(function (host) {
let hostMatches = false; let host_matches = false;
domainNames.map((domainName) => { domain_names.map(function (domain_name) {
host.domain_names.map((hostDomainName) => { host.domain_names.map(function (host_domain_name) {
if (domainName.toLowerCase() === hostDomainName.toLowerCase()) { if (domain_name.toLowerCase() === host_domain_name.toLowerCase()) {
hostMatches = true; host_matches = true;
} }
return true;
}); });
return true;
}); });
if (hostMatches) { if (host_matches) {
response.push(host); response.push(host);
} }
return true;
}); });
} }
return response; return response;
}, }
}; };
export default internalHost; module.exports = internalHost;

93
backend/internal/ip_ranges.js
View File

@@ -1,49 +1,43 @@
import fs from "node:fs"; const https = require('https');
import https from "node:https"; const fs = require('fs');
import { dirname } from "node:path"; const logger = require('../logger').ip_ranges;
import { fileURLToPath } from "node:url"; const error = require('../lib/error');
import errs from "../lib/error.js"; const utils = require('../lib/utils');
import utils from "../lib/utils.js"; const internalNginx = require('./nginx');
import { ipRanges as logger } from "../logger.js";
import internalNginx from "./nginx.js";
const __filename = fileURLToPath(import.meta.url); const CLOUDFRONT_URL = 'https://ip-ranges.amazonaws.com/ip-ranges.json';
const __dirname = dirname(__filename); const CLOUDFARE_V4_URL = 'https://www.cloudflare.com/ips-v4';
const CLOUDFARE_V6_URL = 'https://www.cloudflare.com/ips-v6';
const CLOUDFRONT_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json";
const CLOUDFARE_V4_URL = "https://www.cloudflare.com/ips-v4";
const CLOUDFARE_V6_URL = "https://www.cloudflare.com/ips-v6";
const regIpV4 = /^(\d+\.?){4}\/\d+/; const regIpV4 = /^(\d+\.?){4}\/\d+/;
const regIpV6 = /^(([\da-fA-F]+)?:)+\/\d+/; const regIpV6 = /^(([\da-fA-F]+)?:)+\/\d+/;
const internalIpRanges = { const internalIpRanges = {
interval_timeout: 1000 * 60 * 60 * 6, // 6 hours interval_timeout: 1000 * 60 * 60 * 6, // 6 hours
interval: null, interval: null,
interval_processing: false, interval_processing: false,
iteration_count: 0, iteration_count: 0,
initTimer: () => { initTimer: () => {
logger.info("IP Ranges Renewal Timer initialized"); logger.info('IP Ranges Renewal Timer initialized');
internalIpRanges.interval = setInterval(internalIpRanges.fetch, internalIpRanges.interval_timeout); internalIpRanges.interval = setInterval(internalIpRanges.fetch, internalIpRanges.interval_timeout);
}, },
fetchUrl: (url) => { fetchUrl: (url) => {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
logger.info(`Fetching ${url}`); logger.info('Fetching ' + url);
return https return https.get(url, (res) => {
.get(url, (res) => { res.setEncoding('utf8');
res.setEncoding("utf8"); let raw_data = '';
let raw_data = ""; res.on('data', (chunk) => {
res.on("data", (chunk) => {
raw_data += chunk; raw_data += chunk;
}); });
res.on("end", () => { res.on('end', () => {
resolve(raw_data); resolve(raw_data);
}); });
}) }).on('error', (err) => {
.on("error", (err) => {
reject(err); reject(err);
}); });
}); });
@@ -55,30 +49,27 @@ const internalIpRanges = {
fetch: () => { fetch: () => {
if (!internalIpRanges.interval_processing) { if (!internalIpRanges.interval_processing) {
internalIpRanges.interval_processing = true; internalIpRanges.interval_processing = true;
logger.info("Fetching IP Ranges from online services..."); logger.info('Fetching IP Ranges from online services...');
let ip_ranges = []; let ip_ranges = [];
return internalIpRanges return internalIpRanges.fetchUrl(CLOUDFRONT_URL)
.fetchUrl(CLOUDFRONT_URL)
.then((cloudfront_data) => { .then((cloudfront_data) => {
const data = JSON.parse(cloudfront_data); let data = JSON.parse(cloudfront_data);
if (data && typeof data.prefixes !== "undefined") { if (data && typeof data.prefixes !== 'undefined') {
data.prefixes.map((item) => { data.prefixes.map((item) => {
if (item.service === "CLOUDFRONT") { if (item.service === 'CLOUDFRONT') {
ip_ranges.push(item.ip_prefix); ip_ranges.push(item.ip_prefix);
} }
return true;
}); });
} }
if (data && typeof data.ipv6_prefixes !== "undefined") { if (data && typeof data.ipv6_prefixes !== 'undefined') {
data.ipv6_prefixes.map((item) => { data.ipv6_prefixes.map((item) => {
if (item.service === "CLOUDFRONT") { if (item.service === 'CLOUDFRONT') {
ip_ranges.push(item.ipv6_prefix); ip_ranges.push(item.ipv6_prefix);
} }
return true;
}); });
} }
}) })
@@ -86,26 +77,26 @@ const internalIpRanges = {
return internalIpRanges.fetchUrl(CLOUDFARE_V4_URL); return internalIpRanges.fetchUrl(CLOUDFARE_V4_URL);
}) })
.then((cloudfare_data) => { .then((cloudfare_data) => {
const items = cloudfare_data.split("\n").filter((line) => regIpV4.test(line)); let items = cloudfare_data.split('\n').filter((line) => regIpV4.test(line));
ip_ranges = [...ip_ranges, ...items]; ip_ranges = [... ip_ranges, ... items];
}) })
.then(() => { .then(() => {
return internalIpRanges.fetchUrl(CLOUDFARE_V6_URL); return internalIpRanges.fetchUrl(CLOUDFARE_V6_URL);
}) })
.then((cloudfare_data) => { .then((cloudfare_data) => {
const items = cloudfare_data.split("\n").filter((line) => regIpV6.test(line)); let items = cloudfare_data.split('\n').filter((line) => regIpV6.test(line));
ip_ranges = [...ip_ranges, ...items]; ip_ranges = [... ip_ranges, ... items];
}) })
.then(() => { .then(() => {
const clean_ip_ranges = []; let clean_ip_ranges = [];
ip_ranges.map((range) => { ip_ranges.map((range) => {
if (range) { if (range) {
clean_ip_ranges.push(range); clean_ip_ranges.push(range);
} }
return true;
}); });
return internalIpRanges.generateConfig(clean_ip_ranges).then(() => { return internalIpRanges.generateConfig(clean_ip_ranges)
.then(() => {
if (internalIpRanges.iteration_count) { if (internalIpRanges.iteration_count) {
// Reload nginx // Reload nginx
return internalNginx.reload(); return internalNginx.reload();
@@ -117,7 +108,7 @@ const internalIpRanges = {
internalIpRanges.iteration_count++; internalIpRanges.iteration_count++;
}) })
.catch((err) => { .catch((err) => {
logger.fatal(err.message); logger.error(err.message);
internalIpRanges.interval_processing = false; internalIpRanges.interval_processing = false;
}); });
} }
@@ -131,26 +122,26 @@ const internalIpRanges = {
const renderEngine = utils.getRenderEngine(); const renderEngine = utils.getRenderEngine();
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
let template = null; let template = null;
const filename = "/etc/nginx/conf.d/include/ip_ranges.conf"; let filename = '/etc/nginx/conf.d/include/ip_ranges.conf';
try { try {
template = fs.readFileSync(`${__dirname}/../templates/ip_ranges.conf`, { encoding: "utf8" }); template = fs.readFileSync(__dirname + '/../templates/ip_ranges.conf', {encoding: 'utf8'});
} catch (err) { } catch (err) {
reject(new errs.ConfigurationError(err.message)); reject(new error.ConfigurationError(err.message));
return; return;
} }
renderEngine renderEngine
.parseAndRender(template, { ip_ranges: ip_ranges }) .parseAndRender(template, {ip_ranges: ip_ranges})
.then((config_text) => { .then((config_text) => {
fs.writeFileSync(filename, config_text, { encoding: "utf8" }); fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
resolve(true); resolve(true);
}) })
.catch((err) => { .catch((err) => {
logger.warn(`Could not write ${filename}: ${err.message}`); logger.warn('Could not write ' + filename + ':', err.message);
reject(new errs.ConfigurationError(err.message)); reject(new error.ConfigurationError(err.message));
}); });
}); });
}, }
}; };
export default internalIpRanges; module.exports = internalIpRanges;

226
backend/internal/nginx.js
View File

@@ -1,15 +1,12 @@
import fs from "node:fs"; const _ = require('lodash');
import { dirname } from "node:path"; const fs = require('fs');
import { fileURLToPath } from "node:url"; const logger = require('../logger').nginx;
import _ from "lodash"; const config = require('../lib/config');
import errs from "../lib/error.js"; const utils = require('../lib/utils');
import utils from "../lib/utils.js"; const error = require('../lib/error');
import { nginx as logger } from "../logger.js";
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
const internalNginx = { const internalNginx = {
/** /**
* This will: * This will:
* - test the nginx config first to make sure it's OK * - test the nginx config first to make sure it's OK
@@ -27,8 +24,7 @@ const internalNginx = {
configure: (model, host_type, host) => { configure: (model, host_type, host) => {
let combined_meta = {}; let combined_meta = {};
return internalNginx return internalNginx.test()
.test()
.then(() => { .then(() => {
// Nginx is OK // Nginx is OK
// We're deleting this config regardless. // We're deleting this config regardless.
@@ -41,17 +37,19 @@ const internalNginx = {
}) })
.then(() => { .then(() => {
// Test nginx again and update meta with result // Test nginx again and update meta with result
return internalNginx return internalNginx.test()
.test()
.then(() => { .then(() => {
// nginx is ok // nginx is ok
combined_meta = _.assign({}, host.meta, { combined_meta = _.assign({}, host.meta, {
nginx_online: true, nginx_online: true,
nginx_err: null, nginx_err: null
}); });
return model.query().where("id", host.id).patch({ return model
meta: combined_meta, .query()
.where('id', host.id)
.patch({
meta: combined_meta
}); });
}) })
.catch((err) => { .catch((err) => {
@@ -59,28 +57,29 @@ const internalNginx = {
// It will always look like this: // It will always look like this:
// nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (6: No such device or address) // nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (6: No such device or address)
const valid_lines = []; let valid_lines = [];
const err_lines = err.message.split("\n"); let err_lines = err.message.split('\n');
err_lines.map((line) => { err_lines.map(function (line) {
if (line.indexOf("/var/log/nginx/error.log") === -1) { if (line.indexOf('/var/log/nginx/error.log') === -1) {
valid_lines.push(line); valid_lines.push(line);
} }
return true;
}); });
logger.debug("Nginx test failed:", valid_lines.join("\n")); if (config.debug()) {
logger.error('Nginx test failed:', valid_lines.join('\n'));
}
// config is bad, update meta and delete config // config is bad, update meta and delete config
combined_meta = _.assign({}, host.meta, { combined_meta = _.assign({}, host.meta, {
nginx_online: false, nginx_online: false,
nginx_err: valid_lines.join("\n"), nginx_err: valid_lines.join('\n')
}); });
return model return model
.query() .query()
.where("id", host.id) .where('id', host.id)
.patch({ .patch({
meta: combined_meta, meta: combined_meta
}) })
.then(() => { .then(() => {
internalNginx.renameConfigAsError(host_type, host); internalNginx.renameConfigAsError(host_type, host);
@@ -102,17 +101,21 @@ const internalNginx = {
* @returns {Promise} * @returns {Promise}
*/ */
test: () => { test: () => {
logger.debug("Testing Nginx configuration"); if (config.debug()) {
return utils.execFile("/usr/sbin/nginx", ["-t", "-g", "error_log off;"]); logger.info('Testing Nginx configuration');
}
return utils.exec('/usr/sbin/nginx -t -g "error_log off;"');
}, },
/** /**
* @returns {Promise} * @returns {Promise}
*/ */
reload: () => { reload: () => {
return internalNginx.test().then(() => { return internalNginx.test()
logger.info("Reloading Nginx"); .then(() => {
return utils.execFile("/usr/sbin/nginx", ["-s", "reload"]); logger.info('Reloading Nginx');
return utils.exec('/usr/sbin/nginx -s reload');
}); });
}, },
@@ -122,10 +125,10 @@ const internalNginx = {
* @returns {String} * @returns {String}
*/ */
getConfigName: (host_type, host_id) => { getConfigName: (host_type, host_id) => {
if (host_type === "default") { if (host_type === 'default') {
return "/data/nginx/default_host/site.conf"; return '/data/nginx/default_host/site.conf';
} }
return `/data/nginx/${internalNginx.getFileFriendlyHostType(host_type)}/${host_id}.conf`; return '/data/nginx/' + internalNginx.getFileFriendlyHostType(host_type) + '/' + host_id + '.conf';
}, },
/** /**
@@ -138,45 +141,38 @@ const internalNginx = {
let template; let template;
try { try {
template = fs.readFileSync(`${__dirname}/../templates/_location.conf`, { encoding: "utf8" }); template = fs.readFileSync(__dirname + '/../templates/_location.conf', {encoding: 'utf8'});
} catch (err) { } catch (err) {
reject(new errs.ConfigurationError(err.message)); reject(new error.ConfigurationError(err.message));
return; return;
} }
const renderEngine = utils.getRenderEngine(); const renderEngine = utils.getRenderEngine();
let renderedLocations = ""; let renderedLocations = '';
const locationRendering = async () => { const locationRendering = async () => {
for (let i = 0; i < host.locations.length; i++) { for (let i = 0; i < host.locations.length; i++) {
const locationCopy = Object.assign( let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
{}, {ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
{ access_list_id: host.access_list_id }, {allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
{ certificate_id: host.certificate_id }, {hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
{ ssl_forced: host.ssl_forced }, {certificate: host.certificate}, host.locations[i]);
{ caching_enabled: host.caching_enabled },
{ block_exploits: host.block_exploits },
{ allow_websocket_upgrade: host.allow_websocket_upgrade },
{ http2_support: host.http2_support },
{ hsts_enabled: host.hsts_enabled },
{ hsts_subdomains: host.hsts_subdomains },
{ access_list: host.access_list },
{ certificate: host.certificate },
host.locations[i],
);
if (locationCopy.forward_host.indexOf("/") > -1) { if (locationCopy.forward_host.indexOf('/') > -1) {
const splitted = locationCopy.forward_host.split("/"); const splitted = locationCopy.forward_host.split('/');
locationCopy.forward_host = splitted.shift(); locationCopy.forward_host = splitted.shift();
locationCopy.forward_path = `/${splitted.join("/")}`; locationCopy.forward_path = `/${splitted.join('/')}`;
} }
// eslint-disable-next-line
renderedLocations += await renderEngine.parseAndRender(template, locationCopy); renderedLocations += await renderEngine.parseAndRender(template, locationCopy);
} }
}; };
locationRendering().then(() => resolve(renderedLocations)); locationRendering().then(() => resolve(renderedLocations));
}); });
}, },
@@ -187,21 +183,23 @@ const internalNginx = {
*/ */
generateConfig: (host_type, host_row) => { generateConfig: (host_type, host_row) => {
// Prevent modifying the original object: // Prevent modifying the original object:
const host = JSON.parse(JSON.stringify(host_row)); let host = JSON.parse(JSON.stringify(host_row));
const nice_host_type = internalNginx.getFileFriendlyHostType(host_type); const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
logger.debug(`Generating ${nice_host_type} Config:`, JSON.stringify(host, null, 2)); if (config.debug()) {
logger.info('Generating ' + nice_host_type + ' Config:', JSON.stringify(host, null, 2));
}
const renderEngine = utils.getRenderEngine(); const renderEngine = utils.getRenderEngine();
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
let template = null; let template = null;
const filename = internalNginx.getConfigName(nice_host_type, host.id); let filename = internalNginx.getConfigName(nice_host_type, host.id);
try { try {
template = fs.readFileSync(`${__dirname}/../templates/${nice_host_type}.conf`, { encoding: "utf8" }); template = fs.readFileSync(__dirname + '/../templates/' + nice_host_type + '.conf', {encoding: 'utf8'});
} catch (err) { } catch (err) {
reject(new errs.ConfigurationError(err.message)); reject(new error.ConfigurationError(err.message));
return; return;
} }
@@ -209,9 +207,9 @@ const internalNginx = {
let origLocations; let origLocations;
// Manipulate the data a bit before sending it to the template // Manipulate the data a bit before sending it to the template
if (nice_host_type !== "default") { if (nice_host_type !== 'default') {
host.use_default_location = true; host.use_default_location = true;
if (typeof host.advanced_config !== "undefined" && host.advanced_config) { if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config); host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
} }
} }
@@ -225,10 +223,11 @@ const internalNginx = {
// Allow someone who is using / custom location path to use it, and skip the default / location // Allow someone who is using / custom location path to use it, and skip the default / location
_.map(host.locations, (location) => { _.map(host.locations, (location) => {
if (location.path === "/") { if (location.path === '/') {
host.use_default_location = false; host.use_default_location = false;
} }
}); });
} else { } else {
locationsPromise = Promise.resolve(); locationsPromise = Promise.resolve();
} }
@@ -240,8 +239,11 @@ const internalNginx = {
renderEngine renderEngine
.parseAndRender(template, host) .parseAndRender(template, host)
.then((config_text) => { .then((config_text) => {
fs.writeFileSync(filename, config_text, { encoding: "utf8" }); fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
logger.debug("Wrote config:", filename, config_text);
if (config.debug()) {
logger.success('Wrote config:', filename, config_text);
}
// Restore locations array // Restore locations array
host.locations = origLocations; host.locations = origLocations;
@@ -249,8 +251,11 @@ const internalNginx = {
resolve(true); resolve(true);
}) })
.catch((err) => { .catch((err) => {
logger.debug(`Could not write ${filename}:`, err.message); if (config.debug()) {
reject(new errs.ConfigurationError(err.message)); logger.warn('Could not write ' + filename + ':', err.message);
}
reject(new error.ConfigurationError(err.message));
}); });
}); });
}); });
@@ -265,17 +270,20 @@ const internalNginx = {
* @returns {Promise} * @returns {Promise}
*/ */
generateLetsEncryptRequestConfig: (certificate) => { generateLetsEncryptRequestConfig: (certificate) => {
logger.debug("Generating LetsEncrypt Request Config:", certificate); if (config.debug()) {
logger.info('Generating LetsEncrypt Request Config:', certificate);
}
const renderEngine = utils.getRenderEngine(); const renderEngine = utils.getRenderEngine();
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
let template = null; let template = null;
const filename = `/data/nginx/temp/letsencrypt_${certificate.id}.conf`; let filename = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
try { try {
template = fs.readFileSync(`${__dirname}/../templates/letsencrypt-request.conf`, { encoding: "utf8" }); template = fs.readFileSync(__dirname + '/../templates/letsencrypt-request.conf', {encoding: 'utf8'});
} catch (err) { } catch (err) {
reject(new errs.ConfigurationError(err.message)); reject(new error.ConfigurationError(err.message));
return; return;
} }
@@ -284,13 +292,20 @@ const internalNginx = {
renderEngine renderEngine
.parseAndRender(template, certificate) .parseAndRender(template, certificate)
.then((config_text) => { .then((config_text) => {
fs.writeFileSync(filename, config_text, { encoding: "utf8" }); fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
logger.debug("Wrote config:", filename, config_text);
if (config.debug()) {
logger.success('Wrote config:', filename, config_text);
}
resolve(true); resolve(true);
}) })
.catch((err) => { .catch((err) => {
logger.debug(`Could not write ${filename}:`, err.message); if (config.debug()) {
reject(new errs.ConfigurationError(err.message)); logger.warn('Could not write ' + filename + ':', err.message);
}
reject(new error.ConfigurationError(err.message));
}); });
}); });
}, },
@@ -301,14 +316,11 @@ const internalNginx = {
* @param {String} filename * @param {String} filename
*/ */
deleteFile: (filename) => { deleteFile: (filename) => {
if (!fs.existsSync(filename)) { logger.debug('Deleting file: ' + filename);
return;
}
try { try {
logger.debug(`Deleting file: ${filename}`);
fs.unlinkSync(filename); fs.unlinkSync(filename);
} catch (err) { } catch (err) {
logger.debug("Could not delete file:", JSON.stringify(err, null, 2)); logger.debug('Could not delete file:', JSON.stringify(err, null, 2));
} }
}, },
@@ -318,7 +330,7 @@ const internalNginx = {
* @returns String * @returns String
*/ */
getFileFriendlyHostType: (host_type) => { getFileFriendlyHostType: (host_type) => {
return host_type.replace(/-/g, "_"); return host_type.replace(new RegExp('-', 'g'), '_');
}, },
/** /**
@@ -328,8 +340,8 @@ const internalNginx = {
* @returns {Promise} * @returns {Promise}
*/ */
deleteLetsEncryptRequestConfig: (certificate) => { deleteLetsEncryptRequestConfig: (certificate) => {
const config_file = `/data/nginx/temp/letsencrypt_${certificate.id}.conf`; const config_file = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
return new Promise((resolve /*, reject*/) => { return new Promise((resolve/*, reject*/) => {
internalNginx.deleteFile(config_file); internalNginx.deleteFile(config_file);
resolve(); resolve();
}); });
@@ -342,13 +354,10 @@ const internalNginx = {
* @returns {Promise} * @returns {Promise}
*/ */
deleteConfig: (host_type, host, delete_err_file) => { deleteConfig: (host_type, host, delete_err_file) => {
const config_file = internalNginx.getConfigName( const config_file = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
internalNginx.getFileFriendlyHostType(host_type), const config_file_err = config_file + '.err';
typeof host === "undefined" ? 0 : host.id,
);
const config_file_err = `${config_file}.err`;
return new Promise((resolve /*, reject*/) => { return new Promise((resolve/*, reject*/) => {
internalNginx.deleteFile(config_file); internalNginx.deleteFile(config_file);
if (delete_err_file) { if (delete_err_file) {
internalNginx.deleteFile(config_file_err); internalNginx.deleteFile(config_file_err);
@@ -363,13 +372,10 @@ const internalNginx = {
* @returns {Promise} * @returns {Promise}
*/ */
renameConfigAsError: (host_type, host) => { renameConfigAsError: (host_type, host) => {
const config_file = internalNginx.getConfigName( const config_file = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
internalNginx.getFileFriendlyHostType(host_type), const config_file_err = config_file + '.err';
typeof host === "undefined" ? 0 : host.id,
);
const config_file_err = `${config_file}.err`;
return new Promise((resolve /*, reject*/) => { return new Promise((resolve/*, reject*/) => {
fs.unlink(config_file, () => { fs.unlink(config_file, () => {
// ignore result, continue // ignore result, continue
fs.rename(config_file, config_file_err, () => { fs.rename(config_file, config_file_err, () => {
@@ -381,15 +387,14 @@ const internalNginx = {
}, },
/** /**
* @param {String} hostType * @param {String} host_type
* @param {Array} hosts * @param {Array} hosts
* @returns {Promise} * @returns {Promise}
*/ */
bulkGenerateConfigs: (hostType, hosts) => { bulkGenerateConfigs: (host_type, hosts) => {
const promises = []; let promises = [];
hosts.map((host) => { hosts.map(function (host) {
promises.push(internalNginx.generateConfig(hostType, host)); promises.push(internalNginx.generateConfig(host_type, host));
return true;
}); });
return Promise.all(promises); return Promise.all(promises);
@@ -401,10 +406,9 @@ const internalNginx = {
* @returns {Promise} * @returns {Promise}
*/ */
bulkDeleteConfigs: (host_type, hosts) => { bulkDeleteConfigs: (host_type, hosts) => {
const promises = []; let promises = [];
hosts.map((host) => { hosts.map(function (host) {
promises.push(internalNginx.deleteConfig(host_type, host, true)); promises.push(internalNginx.deleteConfig(host_type, host, true));
return true;
}); });
return Promise.all(promises); return Promise.all(promises);
@@ -414,19 +418,21 @@ const internalNginx = {
* @param {string} config * @param {string} config
* @returns {boolean} * @returns {boolean}
*/ */
advancedConfigHasDefaultLocation: (cfg) => !!cfg.match(/^(?:.*;)?\s*?location\s*?\/\s*?{/im), advancedConfigHasDefaultLocation: function (cfg) {
return !!cfg.match(/^(?:.*;)?\s*?location\s*?\/\s*?{/im);
},
/** /**
* @returns {boolean} * @returns {boolean}
*/ */
ipv6Enabled: () => { ipv6Enabled: function () {
if (typeof process.env.DISABLE_IPV6 !== "undefined") { if (typeof process.env.DISABLE_IPV6 !== 'undefined') {
const disabled = process.env.DISABLE_IPV6.toLowerCase(); const disabled = process.env.DISABLE_IPV6.toLowerCase();
return !(disabled === "on" || disabled === "true" || disabled === "1" || disabled === "yes"); return !(disabled === 'on' || disabled === 'true' || disabled === '1' || disabled === 'yes');
} }
return true; return true;
}, }
}; };
export default internalNginx; module.exports = internalNginx;

335
backend/internal/proxy-host.js
View File

@@ -1,105 +1,105 @@
import _ from "lodash"; const _ = require('lodash');
import errs from "../lib/error.js"; const error = require('../lib/error');
import { castJsonIfNeed } from "../lib/helpers.js"; const utils = require('../lib/utils');
import utils from "../lib/utils.js"; const proxyHostModel = require('../models/proxy_host');
import proxyHostModel from "../models/proxy_host.js"; const internalHost = require('./host');
import internalAuditLog from "./audit-log.js"; const internalNginx = require('./nginx');
import internalCertificate from "./certificate.js"; const internalAuditLog = require('./audit-log');
import internalHost from "./host.js"; const internalCertificate = require('./certificate');
import internalNginx from "./nginx.js";
const omissions = () => { function omissions () {
return ["is_deleted", "owner.is_deleted"]; return ['is_deleted', 'owner.is_deleted'];
}; }
const internalProxyHost = { const internalProxyHost = {
/** /**
* @param {Access} access * @param {Access} access
* @param {Object} data * @param {Object} data
* @returns {Promise} * @returns {Promise}
*/ */
create: (access, data) => { create: (access, data) => {
let thisData = data; let create_certificate = data.certificate_id === 'new';
const createCertificate = thisData.certificate_id === "new";
if (createCertificate) { if (create_certificate) {
delete thisData.certificate_id; delete data.certificate_id;
} }
return access return access.can('proxy_hosts:create', data)
.can("proxy_hosts:create", thisData)
.then(() => { .then(() => {
// Get a list of the domain names and check each of them against existing records // Get a list of the domain names and check each of them against existing records
const domain_name_check_promises = []; let domain_name_check_promises = [];
thisData.domain_names.map((domain_name) => { data.domain_names.map(function (domain_name) {
domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name)); domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
return true;
}); });
return Promise.all(domain_name_check_promises).then((check_results) => { return Promise.all(domain_name_check_promises)
check_results.map((result) => { .then((check_results) => {
check_results.map(function (result) {
if (result.is_taken) { if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`); throw new error.ValidationError(result.hostname + ' is already in use');
} }
return true;
}); });
}); });
}) })
.then(() => { .then(() => {
// At this point the domains should have been checked // At this point the domains should have been checked
thisData.owner_user_id = access.token.getUserId(1); data.owner_user_id = access.token.getUserId(1);
thisData = internalHost.cleanSslHstsData(thisData); data = internalHost.cleanSslHstsData(data);
// Fix for db field not having a default value // Fix for db field not having a default value
// for this optional field. // for this optional field.
if (typeof thisData.advanced_config === "undefined") { if (typeof data.advanced_config === 'undefined') {
thisData.advanced_config = ""; data.advanced_config = '';
} }
return proxyHostModel.query().insertAndFetch(thisData).then(utils.omitRow(omissions())); return proxyHostModel
.query()
.insertAndFetch(data)
.then(utils.omitRow(omissions()));
}) })
.then((row) => { .then((row) => {
if (createCertificate) { if (create_certificate) {
return internalCertificate return internalCertificate.createQuickCertificate(access, data)
.createQuickCertificate(access, thisData)
.then((cert) => { .then((cert) => {
// update host with cert id // update host with cert id
return internalProxyHost.update(access, { return internalProxyHost.update(access, {
id: row.id, id: row.id,
certificate_id: cert.id, certificate_id: cert.id
}); });
}) })
.then(() => { .then(() => {
return row; return row;
}); });
} } else {
return row; return row;
}
}) })
.then((row) => { .then((row) => {
// re-fetch with cert // re-fetch with cert
return internalProxyHost.get(access, { return internalProxyHost.get(access, {
id: row.id, id: row.id,
expand: ["certificate", "owner", "access_list.[clients,items]"], expand: ['certificate', 'owner', 'access_list.[clients,items]']
}); });
}) })
.then((row) => { .then((row) => {
// Configure nginx // Configure nginx
return internalNginx.configure(proxyHostModel, "proxy_host", row).then(() => { return internalNginx.configure(proxyHostModel, 'proxy_host', row)
.then(() => {
return row; return row;
}); });
}) })
.then((row) => { .then((row) => {
// Audit log // Audit log
thisData.meta = _.assign({}, thisData.meta || {}, row.meta); data.meta = _.assign({}, data.meta || {}, row.meta);
// Add to audit log // Add to audit log
return internalAuditLog return internalAuditLog.add(access, {
.add(access, { action: 'created',
action: "created", object_type: 'proxy-host',
object_type: "proxy-host",
object_id: row.id, object_id: row.id,
meta: thisData, meta: data
}) })
.then(() => { .then(() => {
return row; return row;
@@ -114,88 +114,77 @@ const internalProxyHost = {
* @return {Promise} * @return {Promise}
*/ */
update: (access, data) => { update: (access, data) => {
let thisData = data; let create_certificate = data.certificate_id === 'new';
const create_certificate = thisData.certificate_id === "new";
if (create_certificate) { if (create_certificate) {
delete thisData.certificate_id; delete data.certificate_id;
} }
return access return access.can('proxy_hosts:update', data.id)
.can("proxy_hosts:update", thisData.id)
.then((/*access_data*/) => { .then((/*access_data*/) => {
// Get a list of the domain names and check each of them against existing records // Get a list of the domain names and check each of them against existing records
const domain_name_check_promises = []; let domain_name_check_promises = [];
if (typeof thisData.domain_names !== "undefined") { if (typeof data.domain_names !== 'undefined') {
thisData.domain_names.map((domain_name) => { data.domain_names.map(function (domain_name) {
return domain_name_check_promises.push( domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, 'proxy', data.id));
internalHost.isHostnameTaken(domain_name, "proxy", thisData.id),
);
}); });
return Promise.all(domain_name_check_promises).then((check_results) => { return Promise.all(domain_name_check_promises)
check_results.map((result) => { .then((check_results) => {
check_results.map(function (result) {
if (result.is_taken) { if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`); throw new error.ValidationError(result.hostname + ' is already in use');
} }
return true;
}); });
}); });
} }
}) })
.then(() => { .then(() => {
return internalProxyHost.get(access, { id: thisData.id }); return internalProxyHost.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (row.id !== thisData.id) { if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('Proxy Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
`Proxy Host could not be updated, IDs do not match: ${row.id} !== ${thisData.id}`,
);
} }
if (create_certificate) { if (create_certificate) {
return internalCertificate return internalCertificate.createQuickCertificate(access, {
.createQuickCertificate(access, { domain_names: data.domain_names || row.domain_names,
domain_names: thisData.domain_names || row.domain_names, meta: _.assign({}, row.meta, data.meta)
meta: _.assign({}, row.meta, thisData.meta),
}) })
.then((cert) => { .then((cert) => {
// update host with cert id // update host with cert id
thisData.certificate_id = cert.id; data.certificate_id = cert.id;
}) })
.then(() => { .then(() => {
return row; return row;
}); });
} } else {
return row; return row;
}
}) })
.then((row) => { .then((row) => {
// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here. // Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
thisData = _.assign( data = _.assign({}, {
{}, domain_names: row.domain_names
{ }, data);
domain_names: row.domain_names,
},
data,
);
thisData = internalHost.cleanSslHstsData(thisData, row); data = internalHost.cleanSslHstsData(data, row);
return proxyHostModel return proxyHostModel
.query() .query()
.where({ id: thisData.id }) .where({id: data.id})
.patch(thisData) .patch(data)
.then(utils.omitRow(omissions())) .then(utils.omitRow(omissions()))
.then((saved_row) => { .then((saved_row) => {
// Add to audit log // Add to audit log
return internalAuditLog return internalAuditLog.add(access, {
.add(access, { action: 'updated',
action: "updated", object_type: 'proxy-host',
object_type: "proxy-host",
object_id: row.id, object_id: row.id,
meta: thisData, meta: data
}) })
.then(() => { .then(() => {
return saved_row; return saved_row;
@@ -203,10 +192,9 @@ const internalProxyHost = {
}); });
}) })
.then(() => { .then(() => {
return internalProxyHost return internalProxyHost.get(access, {
.get(access, { id: data.id,
id: thisData.id, expand: ['owner', 'certificate', 'access_list.[clients,items]']
expand: ["owner", "certificate", "access_list.[clients,items]"],
}) })
.then((row) => { .then((row) => {
if (!row.enabled) { if (!row.enabled) {
@@ -214,9 +202,11 @@ const internalProxyHost = {
return row; return row;
} }
// Configure nginx // Configure nginx
return internalNginx.configure(proxyHostModel, "proxy_host", row).then((new_meta) => { return internalNginx.configure(proxyHostModel, 'proxy_host', row)
.then((new_meta) => {
row.meta = new_meta; row.meta = new_meta;
return _.omit(internalHost.cleanRowCertificateMeta(row), omissions()); row = internalHost.cleanRowCertificateMeta(row);
return _.omit(row, omissions());
}); });
}); });
}); });
@@ -231,38 +221,39 @@ const internalProxyHost = {
* @return {Promise} * @return {Promise}
*/ */
get: (access, data) => { get: (access, data) => {
const thisData = data || {}; if (typeof data === 'undefined') {
data = {};
return access
.can("proxy_hosts:get", thisData.id)
.then((access_data) => {
const query = proxyHostModel
.query()
.where("is_deleted", 0)
.andWhere("id", thisData.id)
.allowGraph("[owner,access_list.[clients,items],certificate]")
.first();
if (access_data.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
} }
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) { return access.can('proxy_hosts:get', data.id)
query.withGraphFetched(`[${thisData.expand.join(", ")}]`); .then((access_data) => {
let query = proxyHostModel
.query()
.where('is_deleted', 0)
.andWhere('id', data.id)
.allowGraph('[owner,access_list.[clients,items],certificate]')
.first();
if (access_data.permission_visibility !== 'all') {
query.andWhere('owner_user_id', access.token.getUserId(1));
}
if (typeof data.expand !== 'undefined' && data.expand !== null) {
query.withGraphFetched('[' + data.expand.join(', ') + ']');
} }
return query.then(utils.omitRow(omissions())); return query.then(utils.omitRow(omissions()));
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(thisData.id); throw new error.ItemNotFoundError(data.id);
} }
const thisRow = internalHost.cleanRowCertificateMeta(row); row = internalHost.cleanRowCertificateMeta(row);
// Custom omissions // Custom omissions
if (typeof thisData.omit !== "undefined" && thisData.omit !== null) { if (typeof data.omit !== 'undefined' && data.omit !== null) {
return _.omit(row, thisData.omit); row = _.omit(row, data.omit);
} }
return thisRow; return row;
}); });
}, },
@@ -274,35 +265,35 @@ const internalProxyHost = {
* @returns {Promise} * @returns {Promise}
*/ */
delete: (access, data) => { delete: (access, data) => {
return access return access.can('proxy_hosts:delete', data.id)
.can("proxy_hosts:delete", data.id)
.then(() => { .then(() => {
return internalProxyHost.get(access, { id: data.id }); return internalProxyHost.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} }
return proxyHostModel return proxyHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
is_deleted: 1, is_deleted: 1
}) })
.then(() => { .then(() => {
// Delete Nginx Config // Delete Nginx Config
return internalNginx.deleteConfig("proxy_host", row).then(() => { return internalNginx.deleteConfig('proxy_host', row)
.then(() => {
return internalNginx.reload(); return internalNginx.reload();
}); });
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "deleted", action: 'deleted',
object_type: "proxy-host", object_type: 'proxy-host',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -319,41 +310,39 @@ const internalProxyHost = {
* @returns {Promise} * @returns {Promise}
*/ */
enable: (access, data) => { enable: (access, data) => {
return access return access.can('proxy_hosts:update', data.id)
.can("proxy_hosts:update", data.id)
.then(() => { .then(() => {
return internalProxyHost.get(access, { return internalProxyHost.get(access, {
id: data.id, id: data.id,
expand: ["certificate", "owner", "access_list"], expand: ['certificate', 'owner', 'access_list']
}); });
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} } else if (row.enabled) {
if (row.enabled) { throw new error.ValidationError('Host is already enabled');
throw new errs.ValidationError("Host is already enabled");
} }
row.enabled = 1; row.enabled = 1;
return proxyHostModel return proxyHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
enabled: 1, enabled: 1
}) })
.then(() => { .then(() => {
// Configure nginx // Configure nginx
return internalNginx.configure(proxyHostModel, "proxy_host", row); return internalNginx.configure(proxyHostModel, 'proxy_host', row);
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "enabled", action: 'enabled',
object_type: "proxy-host", object_type: 'proxy-host',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -370,40 +359,39 @@ const internalProxyHost = {
* @returns {Promise} * @returns {Promise}
*/ */
disable: (access, data) => { disable: (access, data) => {
return access return access.can('proxy_hosts:update', data.id)
.can("proxy_hosts:update", data.id)
.then(() => { .then(() => {
return internalProxyHost.get(access, { id: data.id }); return internalProxyHost.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} } else if (!row.enabled) {
if (!row.enabled) { throw new error.ValidationError('Host is already disabled');
throw new errs.ValidationError("Host is already disabled");
} }
row.enabled = 0; row.enabled = 0;
return proxyHostModel return proxyHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
enabled: 0, enabled: 0
}) })
.then(() => { .then(() => {
// Delete Nginx Config // Delete Nginx Config
return internalNginx.deleteConfig("proxy_host", row).then(() => { return internalNginx.deleteConfig('proxy_host', row)
.then(() => {
return internalNginx.reload(); return internalNginx.reload();
}); });
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "disabled", action: 'disabled',
object_type: "proxy-host", object_type: 'proxy-host',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -420,35 +408,40 @@ const internalProxyHost = {
* @param {String} [search_query] * @param {String} [search_query]
* @returns {Promise} * @returns {Promise}
*/ */
getAll: async (access, expand, searchQuery) => { getAll: (access, expand, search_query) => {
const accessData = await access.can("proxy_hosts:list"); return access.can('proxy_hosts:list')
const query = proxyHostModel .then((access_data) => {
let query = proxyHostModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.groupBy("id") .groupBy('id')
.allowGraph("[owner,access_list,certificate]") .allowGraph('[owner,access_list,certificate]')
.orderBy(castJsonIfNeed("domain_names"), "ASC"); .orderBy('domain_names', 'ASC');
if (accessData.permission_visibility !== "all") { if (access_data.permission_visibility !== 'all') {
query.andWhere("owner_user_id", access.token.getUserId(1)); query.andWhere('owner_user_id', access.token.getUserId(1));
} }
// Query is used for searching // Query is used for searching
if (typeof searchQuery === "string" && searchQuery.length > 0) { if (typeof search_query === 'string') {
query.where(function () { query.where(function () {
this.where(castJsonIfNeed("domain_names"), "like", `%${searchQuery}%`); this.where('domain_names', 'like', '%' + search_query + '%');
}); });
} }
if (typeof expand !== "undefined" && expand !== null) { if (typeof expand !== 'undefined' && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`); query.withGraphFetched('[' + expand.join(', ') + ']');
} }
const rows = await query.then(utils.omitRows(omissions())); return query.then(utils.omitRows(omissions()));
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) { })
.then((rows) => {
if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
return internalHost.cleanAllRowsCertificateMeta(rows); return internalHost.cleanAllRowsCertificateMeta(rows);
} }
return rows; return rows;
});
}, },
/** /**
@@ -459,16 +452,20 @@ const internalProxyHost = {
* @returns {Promise} * @returns {Promise}
*/ */
getCount: (user_id, visibility) => { getCount: (user_id, visibility) => {
const query = proxyHostModel.query().count("id as count").where("is_deleted", 0); let query = proxyHostModel
.query()
.count('id as count')
.where('is_deleted', 0);
if (visibility !== "all") { if (visibility !== 'all') {
query.andWhere("owner_user_id", user_id); query.andWhere('owner_user_id', user_id);
} }
return query.first().then((row) => { return query.first()
return Number.parseInt(row.count, 10); .then((row) => {
return parseInt(row.count, 10);
}); });
}, }
}; };
export default internalProxyHost; module.exports = internalProxyHost;

332
backend/internal/redirection-host.js
View File

@@ -1,73 +1,72 @@
import _ from "lodash"; const _ = require('lodash');
import errs from "../lib/error.js"; const error = require('../lib/error');
import { castJsonIfNeed } from "../lib/helpers.js"; const utils = require('../lib/utils');
import utils from "../lib/utils.js"; const redirectionHostModel = require('../models/redirection_host');
import redirectionHostModel from "../models/redirection_host.js"; const internalHost = require('./host');
import internalAuditLog from "./audit-log.js"; const internalNginx = require('./nginx');
import internalCertificate from "./certificate.js"; const internalAuditLog = require('./audit-log');
import internalHost from "./host.js"; const internalCertificate = require('./certificate');
import internalNginx from "./nginx.js";
const omissions = () => { function omissions () {
return ["is_deleted"]; return ['is_deleted'];
}; }
const internalRedirectionHost = { const internalRedirectionHost = {
/** /**
* @param {Access} access * @param {Access} access
* @param {Object} data * @param {Object} data
* @returns {Promise} * @returns {Promise}
*/ */
create: (access, data) => { create: (access, data) => {
let thisData = data || {}; let create_certificate = data.certificate_id === 'new';
const createCertificate = thisData.certificate_id === "new";
if (createCertificate) { if (create_certificate) {
delete thisData.certificate_id; delete data.certificate_id;
} }
return access return access.can('redirection_hosts:create', data)
.can("redirection_hosts:create", thisData)
.then((/*access_data*/) => { .then((/*access_data*/) => {
// Get a list of the domain names and check each of them against existing records // Get a list of the domain names and check each of them against existing records
const domain_name_check_promises = []; let domain_name_check_promises = [];
thisData.domain_names.map((domain_name) => { data.domain_names.map(function (domain_name) {
domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name)); domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
return true;
}); });
return Promise.all(domain_name_check_promises).then((check_results) => { return Promise.all(domain_name_check_promises)
check_results.map((result) => { .then((check_results) => {
check_results.map(function (result) {
if (result.is_taken) { if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`); throw new error.ValidationError(result.hostname + ' is already in use');
} }
return true;
}); });
}); });
}) })
.then(() => { .then(() => {
// At this point the domains should have been checked // At this point the domains should have been checked
thisData.owner_user_id = access.token.getUserId(1); data.owner_user_id = access.token.getUserId(1);
thisData = internalHost.cleanSslHstsData(thisData); data = internalHost.cleanSslHstsData(data);
// Fix for db field not having a default value // Fix for db field not having a default value
// for this optional field. // for this optional field.
if (typeof data.advanced_config === "undefined") { if (typeof data.advanced_config === 'undefined') {
data.advanced_config = ""; data.advanced_config = '';
} }
return redirectionHostModel.query().insertAndFetch(thisData).then(utils.omitRow(omissions())); return redirectionHostModel
.query()
.insertAndFetch(data)
.then(utils.omitRow(omissions()));
}) })
.then((row) => { .then((row) => {
if (createCertificate) { if (create_certificate) {
return internalCertificate return internalCertificate.createQuickCertificate(access, data)
.createQuickCertificate(access, thisData)
.then((cert) => { .then((cert) => {
// update host with cert id // update host with cert id
return internalRedirectionHost.update(access, { return internalRedirectionHost.update(access, {
id: row.id, id: row.id,
certificate_id: cert.id, certificate_id: cert.id
}); });
}) })
.then(() => { .then(() => {
@@ -80,25 +79,25 @@ const internalRedirectionHost = {
// re-fetch with cert // re-fetch with cert
return internalRedirectionHost.get(access, { return internalRedirectionHost.get(access, {
id: row.id, id: row.id,
expand: ["certificate", "owner"], expand: ['certificate', 'owner']
}); });
}) })
.then((row) => { .then((row) => {
// Configure nginx // Configure nginx
return internalNginx.configure(redirectionHostModel, "redirection_host", row).then(() => { return internalNginx.configure(redirectionHostModel, 'redirection_host', row)
.then(() => {
return row; return row;
}); });
}) })
.then((row) => { .then((row) => {
thisData.meta = _.assign({}, thisData.meta || {}, row.meta); data.meta = _.assign({}, data.meta || {}, row.meta);
// Add to audit log // Add to audit log
return internalAuditLog return internalAuditLog.add(access, {
.add(access, { action: 'created',
action: "created", object_type: 'redirection-host',
object_type: "redirection-host",
object_id: row.id, object_id: row.id,
meta: thisData, meta: data
}) })
.then(() => { .then(() => {
return row; return row;
@@ -113,88 +112,76 @@ const internalRedirectionHost = {
* @return {Promise} * @return {Promise}
*/ */
update: (access, data) => { update: (access, data) => {
let thisData = data || {}; let create_certificate = data.certificate_id === 'new';
const createCertificate = thisData.certificate_id === "new";
if (createCertificate) { if (create_certificate) {
delete thisData.certificate_id; delete data.certificate_id;
} }
return access return access.can('redirection_hosts:update', data.id)
.can("redirection_hosts:update", thisData.id)
.then((/*access_data*/) => { .then((/*access_data*/) => {
// Get a list of the domain names and check each of them against existing records // Get a list of the domain names and check each of them against existing records
const domain_name_check_promises = []; let domain_name_check_promises = [];
if (typeof thisData.domain_names !== "undefined") { if (typeof data.domain_names !== 'undefined') {
thisData.domain_names.map((domain_name) => { data.domain_names.map(function (domain_name) {
domain_name_check_promises.push( domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, 'redirection', data.id));
internalHost.isHostnameTaken(domain_name, "redirection", thisData.id),
);
return true;
}); });
return Promise.all(domain_name_check_promises).then((check_results) => { return Promise.all(domain_name_check_promises)
check_results.map((result) => { .then((check_results) => {
check_results.map(function (result) {
if (result.is_taken) { if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`); throw new error.ValidationError(result.hostname + ' is already in use');
} }
return true;
}); });
}); });
} }
}) })
.then(() => { .then(() => {
return internalRedirectionHost.get(access, { id: thisData.id }); return internalRedirectionHost.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (row.id !== thisData.id) { if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('Redirection Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
`Redirection Host could not be updated, IDs do not match: ${row.id} !== ${thisData.id}`,
);
} }
if (createCertificate) { if (create_certificate) {
return internalCertificate return internalCertificate.createQuickCertificate(access, {
.createQuickCertificate(access, { domain_names: data.domain_names || row.domain_names,
domain_names: thisData.domain_names || row.domain_names, meta: _.assign({}, row.meta, data.meta)
meta: _.assign({}, row.meta, thisData.meta),
}) })
.then((cert) => { .then((cert) => {
// update host with cert id // update host with cert id
thisData.certificate_id = cert.id; data.certificate_id = cert.id;
}) })
.then(() => { .then(() => {
return row; return row;
}); });
} } else {
return row; return row;
}
}) })
.then((row) => { .then((row) => {
// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here. // Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
thisData = _.assign( data = _.assign({}, {
{}, domain_names: row.domain_names
{ }, data);
domain_names: row.domain_names,
},
thisData,
);
thisData = internalHost.cleanSslHstsData(thisData, row); data = internalHost.cleanSslHstsData(data, row);
return redirectionHostModel return redirectionHostModel
.query() .query()
.where({ id: thisData.id }) .where({id: data.id})
.patch(thisData) .patch(data)
.then((saved_row) => { .then((saved_row) => {
// Add to audit log // Add to audit log
return internalAuditLog return internalAuditLog.add(access, {
.add(access, { action: 'updated',
action: "updated", object_type: 'redirection-host',
object_type: "redirection-host",
object_id: row.id, object_id: row.id,
meta: thisData, meta: data
}) })
.then(() => { .then(() => {
return _.omit(saved_row, omissions()); return _.omit(saved_row, omissions());
@@ -202,18 +189,17 @@ const internalRedirectionHost = {
}); });
}) })
.then(() => { .then(() => {
return internalRedirectionHost return internalRedirectionHost.get(access, {
.get(access, { id: data.id,
id: thisData.id, expand: ['owner', 'certificate']
expand: ["owner", "certificate"],
}) })
.then((row) => { .then((row) => {
// Configure nginx // Configure nginx
return internalNginx return internalNginx.configure(redirectionHostModel, 'redirection_host', row)
.configure(redirectionHostModel, "redirection_host", row)
.then((new_meta) => { .then((new_meta) => {
row.meta = new_meta; row.meta = new_meta;
return _.omit(internalHost.cleanRowCertificateMeta(row), omissions()); row = internalHost.cleanRowCertificateMeta(row);
return _.omit(row, omissions());
}); });
}); });
}); });
@@ -228,39 +214,39 @@ const internalRedirectionHost = {
* @return {Promise} * @return {Promise}
*/ */
get: (access, data) => { get: (access, data) => {
const thisData = data || {}; if (typeof data === 'undefined') {
data = {};
return access
.can("redirection_hosts:get", thisData.id)
.then((access_data) => {
const query = redirectionHostModel
.query()
.where("is_deleted", 0)
.andWhere("id", thisData.id)
.allowGraph("[owner,certificate]")
.first();
if (access_data.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
} }
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) { return access.can('redirection_hosts:get', data.id)
query.withGraphFetched(`[${thisData.expand.join(", ")}]`); .then((access_data) => {
let query = redirectionHostModel
.query()
.where('is_deleted', 0)
.andWhere('id', data.id)
.allowGraph('[owner,certificate]')
.first();
if (access_data.permission_visibility !== 'all') {
query.andWhere('owner_user_id', access.token.getUserId(1));
}
if (typeof data.expand !== 'undefined' && data.expand !== null) {
query.withGraphFetched('[' + data.expand.join(', ') + ']');
} }
return query.then(utils.omitRow(omissions())); return query.then(utils.omitRow(omissions()));
}) })
.then((row) => { .then((row) => {
let thisRow = row; if (!row || !row.id) {
if (!thisRow || !thisRow.id) { throw new error.ItemNotFoundError(data.id);
throw new errs.ItemNotFoundError(thisData.id);
} }
thisRow = internalHost.cleanRowCertificateMeta(thisRow); row = internalHost.cleanRowCertificateMeta(row);
// Custom omissions // Custom omissions
if (typeof thisData.omit !== "undefined" && thisData.omit !== null) { if (typeof data.omit !== 'undefined' && data.omit !== null) {
return _.omit(thisRow, thisData.omit); row = _.omit(row, data.omit);
} }
return thisRow; return row;
}); });
}, },
@@ -272,35 +258,35 @@ const internalRedirectionHost = {
* @returns {Promise} * @returns {Promise}
*/ */
delete: (access, data) => { delete: (access, data) => {
return access return access.can('redirection_hosts:delete', data.id)
.can("redirection_hosts:delete", data.id)
.then(() => { .then(() => {
return internalRedirectionHost.get(access, { id: data.id }); return internalRedirectionHost.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} }
return redirectionHostModel return redirectionHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
is_deleted: 1, is_deleted: 1
}) })
.then(() => { .then(() => {
// Delete Nginx Config // Delete Nginx Config
return internalNginx.deleteConfig("redirection_host", row).then(() => { return internalNginx.deleteConfig('redirection_host', row)
.then(() => {
return internalNginx.reload(); return internalNginx.reload();
}); });
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "deleted", action: 'deleted',
object_type: "redirection-host", object_type: 'redirection-host',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -317,41 +303,39 @@ const internalRedirectionHost = {
* @returns {Promise} * @returns {Promise}
*/ */
enable: (access, data) => { enable: (access, data) => {
return access return access.can('redirection_hosts:update', data.id)
.can("redirection_hosts:update", data.id)
.then(() => { .then(() => {
return internalRedirectionHost.get(access, { return internalRedirectionHost.get(access, {
id: data.id, id: data.id,
expand: ["certificate", "owner"], expand: ['certificate', 'owner']
}); });
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} } else if (row.enabled) {
if (row.enabled) { throw new error.ValidationError('Host is already enabled');
throw new errs.ValidationError("Host is already enabled");
} }
row.enabled = 1; row.enabled = 1;
return redirectionHostModel return redirectionHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
enabled: 1, enabled: 1
}) })
.then(() => { .then(() => {
// Configure nginx // Configure nginx
return internalNginx.configure(redirectionHostModel, "redirection_host", row); return internalNginx.configure(redirectionHostModel, 'redirection_host', row);
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "enabled", action: 'enabled',
object_type: "redirection-host", object_type: 'redirection-host',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -368,40 +352,39 @@ const internalRedirectionHost = {
* @returns {Promise} * @returns {Promise}
*/ */
disable: (access, data) => { disable: (access, data) => {
return access return access.can('redirection_hosts:update', data.id)
.can("redirection_hosts:update", data.id)
.then(() => { .then(() => {
return internalRedirectionHost.get(access, { id: data.id }); return internalRedirectionHost.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} } else if (!row.enabled) {
if (!row.enabled) { throw new error.ValidationError('Host is already disabled');
throw new errs.ValidationError("Host is already disabled");
} }
row.enabled = 0; row.enabled = 0;
return redirectionHostModel return redirectionHostModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
enabled: 0, enabled: 0
}) })
.then(() => { .then(() => {
// Delete Nginx Config // Delete Nginx Config
return internalNginx.deleteConfig("redirection_host", row).then(() => { return internalNginx.deleteConfig('redirection_host', row)
.then(() => {
return internalNginx.reload(); return internalNginx.reload();
}); });
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "disabled", action: 'disabled',
object_type: "redirection-host", object_type: 'redirection-host',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -419,35 +402,34 @@ const internalRedirectionHost = {
* @returns {Promise} * @returns {Promise}
*/ */
getAll: (access, expand, search_query) => { getAll: (access, expand, search_query) => {
return access return access.can('redirection_hosts:list')
.can("redirection_hosts:list")
.then((access_data) => { .then((access_data) => {
const query = redirectionHostModel let query = redirectionHostModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.groupBy("id") .groupBy('id')
.allowGraph("[owner,certificate]") .allowGraph('[owner,certificate]')
.orderBy(castJsonIfNeed("domain_names"), "ASC"); .orderBy('domain_names', 'ASC');
if (access_data.permission_visibility !== "all") { if (access_data.permission_visibility !== 'all') {
query.andWhere("owner_user_id", access.token.getUserId(1)); query.andWhere('owner_user_id', access.token.getUserId(1));
} }
// Query is used for searching // Query is used for searching
if (typeof search_query === "string" && search_query.length > 0) { if (typeof search_query === 'string') {
query.where(function () { query.where(function () {
this.where(castJsonIfNeed("domain_names"), "like", `%${search_query}%`); this.where('domain_names', 'like', '%' + search_query + '%');
}); });
} }
if (typeof expand !== "undefined" && expand !== null) { if (typeof expand !== 'undefined' && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`); query.withGraphFetched('[' + expand.join(', ') + ']');
} }
return query.then(utils.omitRows(omissions())); return query.then(utils.omitRows(omissions()));
}) })
.then((rows) => { .then((rows) => {
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) { if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
return internalHost.cleanAllRowsCertificateMeta(rows); return internalHost.cleanAllRowsCertificateMeta(rows);
} }
@@ -463,16 +445,20 @@ const internalRedirectionHost = {
* @returns {Promise} * @returns {Promise}
*/ */
getCount: (user_id, visibility) => { getCount: (user_id, visibility) => {
const query = redirectionHostModel.query().count("id as count").where("is_deleted", 0); let query = redirectionHostModel
.query()
.count('id as count')
.where('is_deleted', 0);
if (visibility !== "all") { if (visibility !== 'all') {
query.andWhere("owner_user_id", user_id); query.andWhere('owner_user_id', user_id);
} }
return query.first().then((row) => { return query.first()
return Number.parseInt(row.count, 10); .then((row) => {
return parseInt(row.count, 10);
}); });
}, }
}; };
export default internalRedirectionHost; module.exports = internalRedirectionHost;

31
backend/internal/report.js
View File

@@ -1,24 +1,24 @@
import internalDeadHost from "./dead-host.js"; const internalProxyHost = require('./proxy-host');
import internalProxyHost from "./proxy-host.js"; const internalRedirectionHost = require('./redirection-host');
import internalRedirectionHost from "./redirection-host.js"; const internalDeadHost = require('./dead-host');
import internalStream from "./stream.js"; const internalStream = require('./stream');
const internalReport = { const internalReport = {
/** /**
* @param {Access} access * @param {Access} access
* @return {Promise} * @return {Promise}
*/ */
getHostsReport: (access) => { getHostsReport: (access) => {
return access return access.can('reports:hosts', 1)
.can("reports:hosts", 1)
.then((access_data) => { .then((access_data) => {
const userId = access.token.getUserId(1); let user_id = access.token.getUserId(1);
const promises = [ let promises = [
internalProxyHost.getCount(userId, access_data.visibility), internalProxyHost.getCount(user_id, access_data.visibility),
internalRedirectionHost.getCount(userId, access_data.visibility), internalRedirectionHost.getCount(user_id, access_data.visibility),
internalStream.getCount(userId, access_data.visibility), internalStream.getCount(user_id, access_data.visibility),
internalDeadHost.getCount(userId, access_data.visibility), internalDeadHost.getCount(user_id, access_data.visibility)
]; ];
return Promise.all(promises); return Promise.all(promises);
@@ -28,10 +28,11 @@ const internalReport = {
proxy: counts.shift(), proxy: counts.shift(),
redirection: counts.shift(), redirection: counts.shift(),
stream: counts.shift(), stream: counts.shift(),
dead: counts.shift(), dead: counts.shift()
}; };
}); });
},
}
}; };
export default internalReport; module.exports = internalReport;

76
backend/internal/setting.js
View File

@@ -1,9 +1,10 @@
import fs from "node:fs"; const fs = require('fs');
import errs from "../lib/error.js"; const error = require('../lib/error');
import settingModel from "../models/setting.js"; const settingModel = require('../models/setting');
import internalNginx from "./nginx.js"; const internalNginx = require('./nginx');
const internalSetting = { const internalSetting = {
/** /**
* @param {Access} access * @param {Access} access
* @param {Object} data * @param {Object} data
@@ -11,38 +12,37 @@ const internalSetting = {
* @return {Promise} * @return {Promise}
*/ */
update: (access, data) => { update: (access, data) => {
return access return access.can('settings:update', data.id)
.can("settings:update", data.id)
.then((/*access_data*/) => { .then((/*access_data*/) => {
return internalSetting.get(access, { id: data.id }); return internalSetting.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (row.id !== data.id) { if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('Setting could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
`Setting could not be updated, IDs do not match: ${row.id} !== ${data.id}`,
);
} }
return settingModel.query().where({ id: data.id }).patch(data); return settingModel
.query()
.where({id: data.id})
.patch(data);
}) })
.then(() => { .then(() => {
return internalSetting.get(access, { return internalSetting.get(access, {
id: data.id, id: data.id
}); });
}) })
.then((row) => { .then((row) => {
if (row.id === "default-site") { if (row.id === 'default-site') {
// write the html if we need to // write the html if we need to
if (row.value === "html") { if (row.value === 'html') {
fs.writeFileSync("/data/nginx/default_www/index.html", row.meta.html, { encoding: "utf8" }); fs.writeFileSync('/data/nginx/default_www/index.html', row.meta.html, {encoding: 'utf8'});
} }
// Configure nginx // Configure nginx
return internalNginx return internalNginx.deleteConfig('default')
.deleteConfig("default")
.then(() => { .then(() => {
return internalNginx.generateConfig("default", row); return internalNginx.generateConfig('default', row);
}) })
.then(() => { .then(() => {
return internalNginx.test(); return internalNginx.test();
@@ -54,8 +54,7 @@ const internalSetting = {
return row; return row;
}) })
.catch((/*err*/) => { .catch((/*err*/) => {
internalNginx internalNginx.deleteConfig('default')
.deleteConfig("default")
.then(() => { .then(() => {
return internalNginx.test(); return internalNginx.test();
}) })
@@ -64,11 +63,12 @@ const internalSetting = {
}) })
.then(() => { .then(() => {
// I'm being slack here I know.. // I'm being slack here I know..
throw new errs.ValidationError("Could not reconfigure Nginx. Please check logs."); throw new error.ValidationError('Could not reconfigure Nginx. Please check logs.');
}); });
}); });
} } else {
return row; return row;
}
}); });
}, },
@@ -79,16 +79,19 @@ const internalSetting = {
* @return {Promise} * @return {Promise}
*/ */
get: (access, data) => { get: (access, data) => {
return access return access.can('settings:get', data.id)
.can("settings:get", data.id)
.then(() => { .then(() => {
return settingModel.query().where("id", data.id).first(); return settingModel
.query()
.where('id', data.id)
.first();
}) })
.then((row) => { .then((row) => {
if (row) { if (row) {
return row; return row;
} else {
throw new error.ItemNotFoundError(data.id);
} }
throw new errs.ItemNotFoundError(data.id);
}); });
}, },
@@ -99,13 +102,15 @@ const internalSetting = {
* @returns {*} * @returns {*}
*/ */
getCount: (access) => { getCount: (access) => {
return access return access.can('settings:list')
.can("settings:list")
.then(() => { .then(() => {
return settingModel.query().count("id as count").first(); return settingModel
.query()
.count('id as count')
.first();
}) })
.then((row) => { .then((row) => {
return Number.parseInt(row.count, 10); return parseInt(row.count, 10);
}); });
}, },
@@ -116,10 +121,13 @@ const internalSetting = {
* @returns {Promise} * @returns {Promise}
*/ */
getAll: (access) => { getAll: (access) => {
return access.can("settings:list").then(() => { return access.can('settings:list')
return settingModel.query().orderBy("description", "ASC"); .then(() => {
return settingModel
.query()
.orderBy('description', 'ASC');
}); });
}, }
}; };
export default internalSetting; module.exports = internalSetting;

313
backend/internal/stream.js
View File

@@ -1,84 +1,50 @@
import _ from "lodash"; const _ = require('lodash');
import errs from "../lib/error.js"; const error = require('../lib/error');
import { castJsonIfNeed } from "../lib/helpers.js"; const utils = require('../lib/utils');
import utils from "../lib/utils.js"; const streamModel = require('../models/stream');
import streamModel from "../models/stream.js"; const internalNginx = require('./nginx');
import internalAuditLog from "./audit-log.js"; const internalAuditLog = require('./audit-log');
import internalCertificate from "./certificate.js";
import internalHost from "./host.js";
import internalNginx from "./nginx.js";
const omissions = () => { function omissions () {
return ["is_deleted", "owner.is_deleted", "certificate.is_deleted"]; return ['is_deleted'];
}; }
const internalStream = { const internalStream = {
/** /**
* @param {Access} access * @param {Access} access
* @param {Object} data * @param {Object} data
* @returns {Promise} * @returns {Promise}
*/ */
create: (access, data) => { create: (access, data) => {
const create_certificate = data.certificate_id === "new"; return access.can('streams:create', data)
if (create_certificate) {
delete data.certificate_id;
}
return access
.can("streams:create", data)
.then((/*access_data*/) => { .then((/*access_data*/) => {
// TODO: At this point the existing ports should have been checked // TODO: At this point the existing ports should have been checked
data.owner_user_id = access.token.getUserId(1); data.owner_user_id = access.token.getUserId(1);
if (typeof data.meta === "undefined") { if (typeof data.meta === 'undefined') {
data.meta = {}; data.meta = {};
} }
// streams aren't routed by domain name so don't store domain names in the DB return streamModel
const data_no_domains = structuredClone(data); .query()
delete data_no_domains.domain_names; .insertAndFetch(data)
.then(utils.omitRow(omissions()));
return streamModel.query().insertAndFetch(data_no_domains).then(utils.omitRow(omissions()));
})
.then((row) => {
if (create_certificate) {
return internalCertificate
.createQuickCertificate(access, data)
.then((cert) => {
// update host with cert id
return internalStream.update(access, {
id: row.id,
certificate_id: cert.id,
});
})
.then(() => {
return row;
});
}
return row;
})
.then((row) => {
// re-fetch with cert
return internalStream.get(access, {
id: row.id,
expand: ["certificate", "owner"],
});
}) })
.then((row) => { .then((row) => {
// Configure nginx // Configure nginx
return internalNginx.configure(streamModel, "stream", row).then(() => { return internalNginx.configure(streamModel, 'stream', row)
return row; .then(() => {
return internalStream.get(access, {id: row.id, expand: ['owner']});
}); });
}) })
.then((row) => { .then((row) => {
// Add to audit log // Add to audit log
return internalAuditLog return internalAuditLog.add(access, {
.add(access, { action: 'created',
action: "created", object_type: 'stream',
object_type: "stream",
object_id: row.id, object_id: row.id,
meta: data, meta: data
}) })
.then(() => { .then(() => {
return row; return row;
@@ -93,78 +59,39 @@ const internalStream = {
* @return {Promise} * @return {Promise}
*/ */
update: (access, data) => { update: (access, data) => {
let thisData = data; return access.can('streams:update', data.id)
const create_certificate = thisData.certificate_id === "new";
if (create_certificate) {
delete thisData.certificate_id;
}
return access
.can("streams:update", thisData.id)
.then((/*access_data*/) => { .then((/*access_data*/) => {
// TODO: at this point the existing streams should have been checked // TODO: at this point the existing streams should have been checked
return internalStream.get(access, { id: thisData.id }); return internalStream.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (row.id !== thisData.id) { if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('Stream could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
`Stream could not be updated, IDs do not match: ${row.id} !== ${thisData.id}`,
);
} }
if (create_certificate) {
return internalCertificate
.createQuickCertificate(access, {
domain_names: thisData.domain_names || row.domain_names,
meta: _.assign({}, row.meta, thisData.meta),
})
.then((cert) => {
// update host with cert id
thisData.certificate_id = cert.id;
})
.then(() => {
return row;
});
}
return row;
})
.then((row) => {
// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
thisData = _.assign(
{},
{
domain_names: row.domain_names,
},
thisData,
);
return streamModel return streamModel
.query() .query()
.patchAndFetchById(row.id, thisData) .patchAndFetchById(row.id, data)
.then(utils.omitRow(omissions())) .then(utils.omitRow(omissions()))
.then((saved_row) => {
return internalNginx.configure(streamModel, 'stream', saved_row)
.then(() => {
return internalStream.get(access, {id: row.id, expand: ['owner']});
});
})
.then((saved_row) => { .then((saved_row) => {
// Add to audit log // Add to audit log
return internalAuditLog return internalAuditLog.add(access, {
.add(access, { action: 'updated',
action: "updated", object_type: 'stream',
object_type: "stream",
object_id: row.id, object_id: row.id,
meta: thisData, meta: data
}) })
.then(() => { .then(() => {
return saved_row; return saved_row;
}); });
}); });
})
.then(() => {
return internalStream.get(access, { id: thisData.id, expand: ["owner", "certificate"] }).then((row) => {
return internalNginx.configure(streamModel, "stream", row).then((new_meta) => {
row.meta = new_meta;
return _.omit(internalHost.cleanRowCertificateMeta(row), omissions());
});
});
}); });
}, },
@@ -177,39 +104,38 @@ const internalStream = {
* @return {Promise} * @return {Promise}
*/ */
get: (access, data) => { get: (access, data) => {
const thisData = data || {}; if (typeof data === 'undefined') {
data = {};
return access
.can("streams:get", thisData.id)
.then((access_data) => {
const query = streamModel
.query()
.where("is_deleted", 0)
.andWhere("id", thisData.id)
.allowGraph("[owner,certificate]")
.first();
if (access_data.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
} }
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) { return access.can('streams:get', data.id)
query.withGraphFetched(`[${thisData.expand.join(", ")}]`); .then((access_data) => {
let query = streamModel
.query()
.where('is_deleted', 0)
.andWhere('id', data.id)
.allowGraph('[owner]')
.first();
if (access_data.permission_visibility !== 'all') {
query.andWhere('owner_user_id', access.token.getUserId(1));
}
if (typeof data.expand !== 'undefined' && data.expand !== null) {
query.withGraphFetched('[' + data.expand.join(', ') + ']');
} }
return query.then(utils.omitRow(omissions())); return query.then(utils.omitRow(omissions()));
}) })
.then((row) => { .then((row) => {
let thisRow = row; if (!row || !row.id) {
if (!thisRow || !thisRow.id) { throw new error.ItemNotFoundError(data.id);
throw new errs.ItemNotFoundError(thisData.id);
} }
thisRow = internalHost.cleanRowCertificateMeta(thisRow);
// Custom omissions // Custom omissions
if (typeof thisData.omit !== "undefined" && thisData.omit !== null) { if (typeof data.omit !== 'undefined' && data.omit !== null) {
return _.omit(thisRow, thisData.omit); row = _.omit(row, data.omit);
} }
return thisRow; return row;
}); });
}, },
@@ -221,35 +147,35 @@ const internalStream = {
* @returns {Promise} * @returns {Promise}
*/ */
delete: (access, data) => { delete: (access, data) => {
return access return access.can('streams:delete', data.id)
.can("streams:delete", data.id)
.then(() => { .then(() => {
return internalStream.get(access, { id: data.id }); return internalStream.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} }
return streamModel return streamModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
is_deleted: 1, is_deleted: 1
}) })
.then(() => { .then(() => {
// Delete Nginx Config // Delete Nginx Config
return internalNginx.deleteConfig("stream", row).then(() => { return internalNginx.deleteConfig('stream', row)
.then(() => {
return internalNginx.reload(); return internalNginx.reload();
}); });
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "deleted", action: 'deleted',
object_type: "stream", object_type: 'stream',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -266,41 +192,39 @@ const internalStream = {
* @returns {Promise} * @returns {Promise}
*/ */
enable: (access, data) => { enable: (access, data) => {
return access return access.can('streams:update', data.id)
.can("streams:update", data.id)
.then(() => { .then(() => {
return internalStream.get(access, { return internalStream.get(access, {
id: data.id, id: data.id,
expand: ["certificate", "owner"], expand: ['owner']
}); });
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} } else if (row.enabled) {
if (row.enabled) { throw new error.ValidationError('Host is already enabled');
throw new errs.ValidationError("Stream is already enabled");
} }
row.enabled = 1; row.enabled = 1;
return streamModel return streamModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
enabled: 1, enabled: 1
}) })
.then(() => { .then(() => {
// Configure nginx // Configure nginx
return internalNginx.configure(streamModel, "stream", row); return internalNginx.configure(streamModel, 'stream', row);
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "enabled", action: 'enabled',
object_type: "stream", object_type: 'stream',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -317,40 +241,39 @@ const internalStream = {
* @returns {Promise} * @returns {Promise}
*/ */
disable: (access, data) => { disable: (access, data) => {
return access return access.can('streams:update', data.id)
.can("streams:update", data.id)
.then(() => { .then(() => {
return internalStream.get(access, { id: data.id }); return internalStream.get(access, {id: data.id});
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} } else if (!row.enabled) {
if (!row.enabled) { throw new error.ValidationError('Host is already disabled');
throw new errs.ValidationError("Stream is already disabled");
} }
row.enabled = 0; row.enabled = 0;
return streamModel return streamModel
.query() .query()
.where("id", row.id) .where('id', row.id)
.patch({ .patch({
enabled: 0, enabled: 0
}) })
.then(() => { .then(() => {
// Delete Nginx Config // Delete Nginx Config
return internalNginx.deleteConfig("stream", row).then(() => { return internalNginx.deleteConfig('stream', row)
.then(() => {
return internalNginx.reload(); return internalNginx.reload();
}); });
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "disabled", action: 'disabled',
object_type: "stream", object_type: 'stream-host',
object_id: row.id, object_id: row.id,
meta: _.omit(row, omissions()), meta: _.omit(row, omissions())
}); });
}); });
}) })
@@ -368,39 +291,31 @@ const internalStream = {
* @returns {Promise} * @returns {Promise}
*/ */
getAll: (access, expand, search_query) => { getAll: (access, expand, search_query) => {
return access return access.can('streams:list')
.can("streams:list")
.then((access_data) => { .then((access_data) => {
const query = streamModel let query = streamModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.groupBy("id") .groupBy('id')
.allowGraph("[owner,certificate]") .allowGraph('[owner]')
.orderBy("incoming_port", "ASC"); .orderBy('incoming_port', 'ASC');
if (access_data.permission_visibility !== "all") { if (access_data.permission_visibility !== 'all') {
query.andWhere("owner_user_id", access.token.getUserId(1)); query.andWhere('owner_user_id', access.token.getUserId(1));
} }
// Query is used for searching // Query is used for searching
if (typeof search_query === "string" && search_query.length > 0) { if (typeof search_query === 'string') {
query.where(function () { query.where(function () {
this.where(castJsonIfNeed("incoming_port"), "like", `%${search_query}%`); this.where('incoming_port', 'like', '%' + search_query + '%');
}); });
} }
if (typeof expand !== "undefined" && expand !== null) { if (typeof expand !== 'undefined' && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`); query.withGraphFetched('[' + expand.join(', ') + ']');
} }
return query.then(utils.omitRows(omissions())); return query.then(utils.omitRows(omissions()));
})
.then((rows) => {
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) {
return internalHost.cleanAllRowsCertificateMeta(rows);
}
return rows;
}); });
}, },
@@ -412,16 +327,20 @@ const internalStream = {
* @returns {Promise} * @returns {Promise}
*/ */
getCount: (user_id, visibility) => { getCount: (user_id, visibility) => {
const query = streamModel.query().count("id AS count").where("is_deleted", 0); let query = streamModel
.query()
.count('id as count')
.where('is_deleted', 0);
if (visibility !== "all") { if (visibility !== 'all') {
query.andWhere("owner_user_id", user_id); query.andWhere('owner_user_id', user_id);
} }
return query.first().then((row) => { return query.first()
return Number.parseInt(row.count, 10); .then((row) => {
return parseInt(row.count, 10);
}); });
}, }
}; };
export default internalStream; module.exports = internalStream;

174
backend/internal/token.js
View File

@@ -1,14 +1,14 @@
import _ from "lodash"; const _ = require('lodash');
import errs from "../lib/error.js"; const error = require('../lib/error');
import { parseDatePeriod } from "../lib/helpers.js"; const userModel = require('../models/user');
import authModel from "../models/auth.js"; const authModel = require('../models/auth');
import TokenModel from "../models/token.js"; const helpers = require('../lib/helpers');
import userModel from "../models/user.js"; const TokenModel = require('../models/token');
const ERROR_MESSAGE_INVALID_AUTH = "Invalid email or password"; const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
const ERROR_MESSAGE_INVALID_AUTH_I18N = "error.invalid-auth";
module.exports = {
export default {
/** /**
* @param {Object} data * @param {Object} data
* @param {String} data.identity * @param {String} data.identity
@@ -18,66 +18,70 @@ export default {
* @param {String} [issuer] * @param {String} [issuer]
* @returns {Promise} * @returns {Promise}
*/ */
getTokenFromEmail: async (data, issuer) => { getTokenFromEmail: (data, issuer) => {
const Token = TokenModel(); let Token = new TokenModel();
data.scope = data.scope || "user"; data.scope = data.scope || 'user';
data.expiry = data.expiry || "1d"; data.expiry = data.expiry || '1d';
const user = await userModel return userModel
.query() .query()
.where("email", data.identity.toLowerCase().trim()) .where('email', data.identity.toLowerCase().trim())
.andWhere("is_deleted", 0) .andWhere('is_deleted', 0)
.andWhere("is_disabled", 0) .andWhere('is_disabled', 0)
.first(); .first()
.then((user) => {
if (!user) { if (user) {
throw new errs.AuthError(ERROR_MESSAGE_INVALID_AUTH); // Get auth
} return authModel
const auth = await authModel
.query() .query()
.where("user_id", "=", user.id) .where('user_id', '=', user.id)
.where("type", "=", "password") .where('type', '=', 'password')
.first(); .first()
.then((auth) => {
if (auth) {
return auth.verifyPassword(data.secret)
.then((valid) => {
if (valid) {
if (!auth) { if (data.scope !== 'user' && _.indexOf(user.roles, data.scope) === -1) {
throw new errs.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
const valid = await auth.verifyPassword(data.secret);
if (!valid) {
throw new errs.AuthError(
ERROR_MESSAGE_INVALID_AUTH,
ERROR_MESSAGE_INVALID_AUTH_I18N,
);
}
if (data.scope !== "user" && _.indexOf(user.roles, data.scope) === -1) {
// The scope requested doesn't exist as a role against the user, // The scope requested doesn't exist as a role against the user,
// you shall not pass. // you shall not pass.
throw new errs.AuthError(`Invalid scope: ${data.scope}`); throw new error.AuthError('Invalid scope: ' + data.scope);
} }
// Create a moment of the expiry expression // Create a moment of the expiry expression
const expiry = parseDatePeriod(data.expiry); let expiry = helpers.parseDatePeriod(data.expiry);
if (expiry === null) { if (expiry === null) {
throw new errs.AuthError(`Invalid expiry time: ${data.expiry}`); throw new error.AuthError('Invalid expiry time: ' + data.expiry);
} }
const signed = await Token.create({ return Token.create({
iss: issuer || "api", iss: issuer || 'api',
attrs: { attrs: {
id: user.id, id: user.id
}, },
scope: [data.scope], scope: [data.scope],
expiresIn: data.expiry, expiresIn: data.expiry
}); })
.then((signed) => {
return { return {
token: signed.token, token: signed.token,
expires: expiry.toISOString(), expires: expiry.toISOString()
}; };
});
} else {
throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
});
} else {
throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
});
} else {
throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
});
}, },
/** /**
@@ -87,70 +91,74 @@ export default {
* @param {String} [data.scope] Only considered if existing token scope is admin * @param {String} [data.scope] Only considered if existing token scope is admin
* @returns {Promise} * @returns {Promise}
*/ */
getFreshToken: async (access, data) => { getFreshToken: (access, data) => {
const Token = TokenModel(); let Token = new TokenModel();
const thisData = data || {};
thisData.expiry = thisData.expiry || "1d"; data = data || {};
data.expiry = data.expiry || '1d';
if (access && access.token.getUserId(0)) {
if (access?.token.getUserId(0)) {
// Create a moment of the expiry expression // Create a moment of the expiry expression
const expiry = parseDatePeriod(thisData.expiry); let expiry = helpers.parseDatePeriod(data.expiry);
if (expiry === null) { if (expiry === null) {
throw new errs.AuthError(`Invalid expiry time: ${thisData.expiry}`); throw new error.AuthError('Invalid expiry time: ' + data.expiry);
} }
const token_attrs = { let token_attrs = {
id: access.token.getUserId(0), id: access.token.getUserId(0)
}; };
// Only admins can request otherwise scoped tokens // Only admins can request otherwise scoped tokens
let scope = access.token.get("scope"); let scope = access.token.get('scope');
if (thisData.scope && access.token.hasScope("admin")) { if (data.scope && access.token.hasScope('admin')) {
scope = [thisData.scope]; scope = [data.scope];
if (thisData.scope === "job-board" || thisData.scope === "worker") { if (data.scope === 'job-board' || data.scope === 'worker') {
token_attrs.id = 0; token_attrs.id = 0;
} }
} }
const signed = await Token.create({ return Token.create({
iss: "api", iss: 'api',
scope: scope, scope: scope,
attrs: token_attrs, attrs: token_attrs,
expiresIn: thisData.expiry, expiresIn: data.expiry
}); })
.then((signed) => {
return { return {
token: signed.token, token: signed.token,
expires: expiry.toISOString(), expires: expiry.toISOString()
}; };
});
} else {
throw new error.AssertionFailedError('Existing token contained invalid user data');
} }
throw new error.AssertionFailedError("Existing token contained invalid user data");
}, },
/** /**
* @param {Object} user * @param {Object} user
* @returns {Promise} * @returns {Promise}
*/ */
getTokenFromUser: async (user) => { getTokenFromUser: (user) => {
const expire = "1d"; const expire = '1d';
const Token = TokenModel(); const Token = new TokenModel();
const expiry = parseDatePeriod(expire); const expiry = helpers.parseDatePeriod(expire);
const signed = await Token.create({ return Token.create({
iss: "api", iss: 'api',
attrs: { attrs: {
id: user.id, id: user.id
}, },
scope: ["user"], scope: ['user'],
expiresIn: expire, expiresIn: expire
}); })
.then((signed) => {
return { return {
token: signed.token, token: signed.token,
expires: expiry.toISOString(), expires: expiry.toISOString(),
user: user, user: user
}; };
}, });
}
}; };

377
backend/internal/user.js
View File

@@ -1,76 +1,93 @@
import gravatar from "gravatar"; const _ = require('lodash');
import _ from "lodash"; const error = require('../lib/error');
import errs from "../lib/error.js"; const utils = require('../lib/utils');
import utils from "../lib/utils.js"; const userModel = require('../models/user');
import authModel from "../models/auth.js"; const userPermissionModel = require('../models/user_permission');
import userModel from "../models/user.js"; const authModel = require('../models/auth');
import userPermissionModel from "../models/user_permission.js"; const gravatar = require('gravatar');
import internalAuditLog from "./audit-log.js"; const internalToken = require('./token');
import internalToken from "./token.js"; const internalAuditLog = require('./audit-log');
const omissions = () => { function omissions () {
return ["is_deleted", "permissions.id", "permissions.user_id", "permissions.created_on", "permissions.modified_on"]; return ['is_deleted'];
}; }
const DEFAULT_AVATAR = gravatar.url("admin@example.com", { default: "mm" });
const internalUser = { const internalUser = {
/** /**
* Create a user can happen unauthenticated only once and only when no active users exist.
* Otherwise, a valid auth method is required.
*
* @param {Access} access * @param {Access} access
* @param {Object} data * @param {Object} data
* @returns {Promise} * @returns {Promise}
*/ */
create: async (access, data) => { create: (access, data) => {
const auth = data.auth || null; let auth = data.auth || null;
delete data.auth; delete data.auth;
data.avatar = data.avatar || ""; data.avatar = data.avatar || '';
data.roles = data.roles || []; data.roles = data.roles || [];
if (typeof data.is_disabled !== "undefined") { if (typeof data.is_disabled !== 'undefined') {
data.is_disabled = data.is_disabled ? 1 : 0; data.is_disabled = data.is_disabled ? 1 : 0;
} }
await access.can("users:create", data); return access.can('users:create', data)
data.avatar = gravatar.url(data.email, { default: "mm" }); .then(() => {
data.avatar = gravatar.url(data.email, {default: 'mm'});
let user = await userModel.query().insertAndFetch(data).then(utils.omitRow(omissions())); return userModel
.query()
.insertAndFetch(data)
.then(utils.omitRow(omissions()));
})
.then((user) => {
if (auth) { if (auth) {
user = await authModel.query().insert({ return authModel
.query()
.insert({
user_id: user.id, user_id: user.id,
type: auth.type, type: auth.type,
secret: auth.secret, secret: auth.secret,
meta: {}, meta: {}
}); })
} .then(() => {
// Create permissions row as well
const isAdmin = data.roles.indexOf("admin") !== -1;
await userPermissionModel.query().insert({
user_id: user.id,
visibility: isAdmin ? "all" : "user",
proxy_hosts: "manage",
redirection_hosts: "manage",
dead_hosts: "manage",
streams: "manage",
access_lists: "manage",
certificates: "manage",
});
user = await internalUser.get(access, { id: user.id, expand: ["permissions"] });
await internalAuditLog.add(access, {
action: "created",
object_type: "user",
object_id: user.id,
meta: user,
});
return user; return user;
});
} else {
return user;
}
})
.then((user) => {
// Create permissions row as well
let is_admin = data.roles.indexOf('admin') !== -1;
return userPermissionModel
.query()
.insert({
user_id: user.id,
visibility: is_admin ? 'all' : 'user',
proxy_hosts: 'manage',
redirection_hosts: 'manage',
dead_hosts: 'manage',
streams: 'manage',
access_lists: 'manage',
certificates: 'manage'
})
.then(() => {
return internalUser.get(access, {id: user.id, expand: ['permissions']});
});
})
.then((user) => {
// Add to audit log
return internalAuditLog.add(access, {
action: 'created',
object_type: 'user',
object_id: user.id,
meta: user
})
.then(() => {
return user;
});
});
}, },
/** /**
@@ -82,25 +99,29 @@ const internalUser = {
* @return {Promise} * @return {Promise}
*/ */
update: (access, data) => { update: (access, data) => {
if (typeof data.is_disabled !== "undefined") { if (typeof data.is_disabled !== 'undefined') {
data.is_disabled = data.is_disabled ? 1 : 0; data.is_disabled = data.is_disabled ? 1 : 0;
} }
return access return access.can('users:update', data.id)
.can("users:update", data.id)
.then(() => { .then(() => {
// Make sure that the user being updated doesn't change their email to another user that is already using it // Make sure that the user being updated doesn't change their email to another user that is already using it
// 1. get user we want to update // 1. get user we want to update
return internalUser.get(access, { id: data.id }).then((user) => { return internalUser.get(access, {id: data.id})
.then((user) => {
// 2. if email is to be changed, find other users with that email // 2. if email is to be changed, find other users with that email
if (typeof data.email !== "undefined") { if (typeof data.email !== 'undefined') {
data.email = data.email.toLowerCase().trim(); data.email = data.email.toLowerCase().trim();
if (user.email !== data.email) { if (user.email !== data.email) {
return internalUser.isEmailAvailable(data.email, data.id).then((available) => { return internalUser.isEmailAvailable(data.email, data.id)
.then((available) => {
if (!available) { if (!available) {
throw new errs.ValidationError(`Email address already in use - ${data.email}`); throw new error.ValidationError('Email address already in use - ' + data.email);
} }
return user; return user;
}); });
} }
@@ -113,25 +134,26 @@ const internalUser = {
.then((user) => { .then((user) => {
if (user.id !== data.id) { if (user.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('User could not be updated, IDs do not match: ' + user.id + ' !== ' + data.id);
`User could not be updated, IDs do not match: ${user.id} !== ${data.id}`,
);
} }
data.avatar = gravatar.url(data.email || user.email, { default: "mm" }); data.avatar = gravatar.url(data.email || user.email, {default: 'mm'});
return userModel.query().patchAndFetchById(user.id, data).then(utils.omitRow(omissions()));
return userModel
.query()
.patchAndFetchById(user.id, data)
.then(utils.omitRow(omissions()));
}) })
.then(() => { .then(() => {
return internalUser.get(access, { id: data.id }); return internalUser.get(access, {id: data.id});
}) })
.then((user) => { .then((user) => {
// Add to audit log // Add to audit log
return internalAuditLog return internalAuditLog.add(access, {
.add(access, { action: 'updated',
action: "updated", object_type: 'user',
object_type: "user",
object_id: user.id, object_id: user.id,
meta: { ...data, id: user.id, name: user.name }, meta: data
}) })
.then(() => { .then(() => {
return user; return user;
@@ -148,41 +170,37 @@ const internalUser = {
* @return {Promise} * @return {Promise}
*/ */
get: (access, data) => { get: (access, data) => {
const thisData = data || {}; if (typeof data === 'undefined') {
data = {};
if (typeof thisData.id === "undefined" || !thisData.id) {
thisData.id = access.token.getUserId(0);
} }
return access if (typeof data.id === 'undefined' || !data.id) {
.can("users:get", thisData.id) data.id = access.token.getUserId(0);
}
return access.can('users:get', data.id)
.then(() => { .then(() => {
const query = userModel let query = userModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.andWhere("id", thisData.id) .andWhere('id', data.id)
.allowGraph("[permissions]") .allowGraph('[permissions]')
.first(); .first();
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) { if (typeof data.expand !== 'undefined' && data.expand !== null) {
query.withGraphFetched(`[${thisData.expand.join(", ")}]`); query.withGraphFetched('[' + data.expand.join(', ') + ']');
} }
return query.then(utils.omitRow(omissions())); return query.then(utils.omitRow(omissions()));
}) })
.then((row) => { .then((row) => {
if (!row || !row.id) { if (!row || !row.id) {
throw new errs.ItemNotFoundError(thisData.id); throw new error.ItemNotFoundError(data.id);
} }
// Custom omissions // Custom omissions
if (typeof thisData.omit !== "undefined" && thisData.omit !== null) { if (typeof data.omit !== 'undefined' && data.omit !== null) {
return _.omit(row, thisData.omit); row = _.omit(row, data.omit);
} }
if (row.avatar === "") {
row.avatar = DEFAULT_AVATAR;
}
return row; return row;
}); });
}, },
@@ -195,13 +213,18 @@ const internalUser = {
* @param user_id * @param user_id
*/ */
isEmailAvailable: (email, user_id) => { isEmailAvailable: (email, user_id) => {
const query = userModel.query().where("email", "=", email.toLowerCase().trim()).where("is_deleted", 0).first(); let query = userModel
.query()
.where('email', '=', email.toLowerCase().trim())
.where('is_deleted', 0)
.first();
if (typeof user_id !== "undefined") { if (typeof user_id !== 'undefined') {
query.where("id", "!=", user_id); query.where('id', '!=', user_id);
} }
return query.then((user) => { return query
.then((user) => {
return !user; return !user;
}); });
}, },
@@ -214,34 +237,33 @@ const internalUser = {
* @returns {Promise} * @returns {Promise}
*/ */
delete: (access, data) => { delete: (access, data) => {
return access return access.can('users:delete', data.id)
.can("users:delete", data.id)
.then(() => { .then(() => {
return internalUser.get(access, { id: data.id }); return internalUser.get(access, {id: data.id});
}) })
.then((user) => { .then((user) => {
if (!user) { if (!user) {
throw new errs.ItemNotFoundError(data.id); throw new error.ItemNotFoundError(data.id);
} }
// Make sure user can't delete themselves // Make sure user can't delete themselves
if (user.id === access.token.getUserId(0)) { if (user.id === access.token.getUserId(0)) {
throw new errs.PermissionError("You cannot delete yourself."); throw new error.PermissionError('You cannot delete yourself.');
} }
return userModel return userModel
.query() .query()
.where("id", user.id) .where('id', user.id)
.patch({ .patch({
is_deleted: 1, is_deleted: 1
}) })
.then(() => { .then(() => {
// Add to audit log // Add to audit log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "deleted", action: 'deleted',
object_type: "user", object_type: 'user',
object_id: user.id, object_id: user.id,
meta: _.omit(user, omissions()), meta: _.omit(user, omissions())
}); });
}); });
}) })
@@ -250,14 +272,6 @@ const internalUser = {
}); });
}, },
deleteAll: async () => {
await userModel
.query()
.patch({
is_deleted: 1,
});
},
/** /**
* This will only count the users * This will only count the users
* *
@@ -266,26 +280,26 @@ const internalUser = {
* @returns {*} * @returns {*}
*/ */
getCount: (access, search_query) => { getCount: (access, search_query) => {
return access return access.can('users:list')
.can("users:list")
.then(() => { .then(() => {
const query = userModel.query().count("id as count").where("is_deleted", 0).first(); let query = userModel
.query()
.count('id as count')
.where('is_deleted', 0)
.first();
// Query is used for searching // Query is used for searching
if (typeof search_query === "string") { if (typeof search_query === 'string') {
query.where(function () { query.where(function () {
this.where("user.name", "like", `%${search_query}%`).orWhere( this.where('user.name', 'like', '%' + search_query + '%')
"user.email", .orWhere('user.email', 'like', '%' + search_query + '%');
"like",
`%${search_query}%`,
);
}); });
} }
return query; return query;
}) })
.then((row) => { .then((row) => {
return Number.parseInt(row.count, 10); return parseInt(row.count, 10);
}); });
}, },
@@ -297,28 +311,30 @@ const internalUser = {
* @param {String} [search_query] * @param {String} [search_query]
* @returns {Promise} * @returns {Promise}
*/ */
getAll: async (access, expand, search_query) => { getAll: (access, expand, search_query) => {
await access.can("users:list"); return access.can('users:list')
const query = userModel .then(() => {
let query = userModel
.query() .query()
.where("is_deleted", 0) .where('is_deleted', 0)
.groupBy("id") .groupBy('id')
.allowGraph("[permissions]") .allowGraph('[permissions]')
.orderBy("name", "ASC"); .orderBy('name', 'ASC');
// Query is used for searching // Query is used for searching
if (typeof search_query === "string") { if (typeof search_query === 'string') {
query.where(function () { query.where(function () {
this.where("name", "like", `%${search_query}%`).orWhere("email", "like", `%${search_query}%`); this.where('name', 'like', '%' + search_query + '%')
.orWhere('email', 'like', '%' + search_query + '%');
}); });
} }
if (typeof expand !== "undefined" && expand !== null) { if (typeof expand !== 'undefined' && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`); query.withGraphFetched('[' + expand.join(', ') + ']');
} }
const res = await query; return query.then(utils.omitRows(omissions()));
return utils.omitRows(omissions())(res); });
}, },
/** /**
@@ -326,11 +342,11 @@ const internalUser = {
* @param {Integer} [id_requested] * @param {Integer} [id_requested]
* @returns {[String]} * @returns {[String]}
*/ */
getUserOmisionsByAccess: (access, idRequested) => { getUserOmisionsByAccess: (access, id_requested) => {
let response = []; // Admin response let response = []; // Admin response
if (!access.token.hasScope("admin") && access.token.getUserId(0) !== idRequested) { if (!access.token.hasScope('admin') && access.token.getUserId(0) !== id_requested) {
response = ["is_deleted"]; // Restricted response response = ['roles', 'is_deleted']; // Restricted response
} }
return response; return response;
@@ -345,29 +361,25 @@ const internalUser = {
* @return {Promise} * @return {Promise}
*/ */
setPassword: (access, data) => { setPassword: (access, data) => {
return access return access.can('users:password', data.id)
.can("users:password", data.id)
.then(() => { .then(() => {
return internalUser.get(access, { id: data.id }); return internalUser.get(access, {id: data.id});
}) })
.then((user) => { .then((user) => {
if (user.id !== data.id) { if (user.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('User could not be updated, IDs do not match: ' + user.id + ' !== ' + data.id);
`User could not be updated, IDs do not match: ${user.id} !== ${data.id}`,
);
} }
if (user.id === access.token.getUserId(0)) { if (user.id === access.token.getUserId(0)) {
// they're setting their own password. Make sure their current password is correct // they're setting their own password. Make sure their current password is correct
if (typeof data.current === "undefined" || !data.current) { if (typeof data.current === 'undefined' || !data.current) {
throw new errs.ValidationError("Current password was not supplied"); throw new error.ValidationError('Current password was not supplied');
} }
return internalToken return internalToken.getTokenFromEmail({
.getTokenFromEmail({
identity: user.email, identity: user.email,
secret: data.current, secret: data.current
}) })
.then(() => { .then(() => {
return user; return user;
@@ -380,36 +392,43 @@ const internalUser = {
// Get auth, patch if it exists // Get auth, patch if it exists
return authModel return authModel
.query() .query()
.where("user_id", user.id) .where('user_id', user.id)
.andWhere("type", data.type) .andWhere('type', data.type)
.first() .first()
.then((existing_auth) => { .then((existing_auth) => {
if (existing_auth) { if (existing_auth) {
// patch // patch
return authModel.query().where("user_id", user.id).andWhere("type", data.type).patch({ return authModel
.query()
.where('user_id', user.id)
.andWhere('type', data.type)
.patch({
type: data.type, // This is required for the model to encrypt on save type: data.type, // This is required for the model to encrypt on save
secret: data.secret, secret: data.secret
}); });
} } else {
// insert // insert
return authModel.query().insert({ return authModel
.query()
.insert({
user_id: user.id, user_id: user.id,
type: data.type, type: data.type,
secret: data.secret, secret: data.secret,
meta: {}, meta: {}
}); });
}
}) })
.then(() => { .then(() => {
// Add to Audit Log // Add to Audit Log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "updated", action: 'updated',
object_type: "user", object_type: 'user',
object_id: user.id, object_id: user.id,
meta: { meta: {
name: user.name, name: user.name,
password_changed: true, password_changed: true,
auth_type: data.type, auth_type: data.type
}, }
}); });
}); });
}) })
@@ -424,17 +443,14 @@ const internalUser = {
* @return {Promise} * @return {Promise}
*/ */
setPermissions: (access, data) => { setPermissions: (access, data) => {
return access return access.can('users:permissions', data.id)
.can("users:permissions", data.id)
.then(() => { .then(() => {
return internalUser.get(access, { id: data.id }); return internalUser.get(access, {id: data.id});
}) })
.then((user) => { .then((user) => {
if (user.id !== data.id) { if (user.id !== data.id) {
// Sanity check that something crazy hasn't happened // Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError( throw new error.InternalValidationError('User could not be updated, IDs do not match: ' + user.id + ' !== ' + data.id);
`User could not be updated, IDs do not match: ${user.id} !== ${data.id}`,
);
} }
return user; return user;
@@ -443,30 +459,34 @@ const internalUser = {
// Get perms row, patch if it exists // Get perms row, patch if it exists
return userPermissionModel return userPermissionModel
.query() .query()
.where("user_id", user.id) .where('user_id', user.id)
.first() .first()
.then((existing_auth) => { .then((existing_auth) => {
if (existing_auth) { if (existing_auth) {
// patch // patch
return userPermissionModel return userPermissionModel
.query() .query()
.where("user_id", user.id) .where('user_id', user.id)
.patchAndFetchById(existing_auth.id, _.assign({ user_id: user.id }, data)); .patchAndFetchById(existing_auth.id, _.assign({user_id: user.id}, data));
} } else {
// insert // insert
return userPermissionModel.query().insertAndFetch(_.assign({ user_id: user.id }, data)); return userPermissionModel
.query()
.insertAndFetch(_.assign({user_id: user.id}, data));
}
}) })
.then((permissions) => { .then((permissions) => {
// Add to Audit Log // Add to Audit Log
return internalAuditLog.add(access, { return internalAuditLog.add(access, {
action: "updated", action: 'updated',
object_type: "user", object_type: 'user',
object_id: user.id, object_id: user.id,
meta: { meta: {
name: user.name, name: user.name,
permissions: permissions, permissions: permissions
}, }
}); });
}); });
}) })
.then(() => { .then(() => {
@@ -480,15 +500,14 @@ const internalUser = {
* @param {Integer} data.id * @param {Integer} data.id
*/ */
loginAs: (access, data) => { loginAs: (access, data) => {
return access return access.can('users:loginas', data.id)
.can("users:loginas", data.id)
.then(() => { .then(() => {
return internalUser.get(access, data); return internalUser.get(access, data);
}) })
.then((user) => { .then((user) => {
return internalToken.getTokenFromUser(user); return internalToken.getTokenFromUser(user);
}); });
}, }
}; };
export default internalUser; module.exports = internalUser;

323
backend/lib/access.js
View File

@@ -4,31 +4,27 @@
* "scope" in this file means "where did this token come from and what is using it", so 99% of the time * "scope" in this file means "where did this token come from and what is using it", so 99% of the time
* the "scope" is going to be "user" because it would be a user token. This is not to be confused with * the "scope" is going to be "user" because it would be a user token. This is not to be confused with
* the "role" which could be "user" or "admin". The scope in fact, could be "worker" or anything else. * the "role" which could be "user" or "admin". The scope in fact, could be "worker" or anything else.
*
*
*/ */
import fs from "node:fs"; const _ = require('lodash');
import { dirname } from "node:path"; const logger = require('../logger').access;
import { fileURLToPath } from "node:url"; const Ajv = require('ajv/dist/2020');
import Ajv from "ajv/dist/2020.js"; const error = require('./error');
import _ from "lodash"; const userModel = require('../models/user');
import { access as logger } from "../logger.js"; const proxyHostModel = require('../models/proxy_host');
import proxyHostModel from "../models/proxy_host.js"; const TokenModel = require('../models/token');
import TokenModel from "../models/token.js"; const roleSchema = require('./access/roles.json');
import userModel from "../models/user.js"; const permsSchema = require('./access/permissions.json');
import permsSchema from "./access/permissions.json" with { type: "json" };
import roleSchema from "./access/roles.json" with { type: "json" };
import errs from "./error.js";
const __filename = fileURLToPath(import.meta.url); module.exports = function (token_string) {
const __dirname = dirname(__filename); let Token = new TokenModel();
let token_data = null;
export default function (tokenString) {
const Token = TokenModel();
let tokenData = null;
let initialised = false; let initialised = false;
const objectCache = {}; let object_cache = {};
let allowInternalAccess = false; let allow_internal_access = false;
let userRoles = []; let user_roles = [];
let permissions = {}; let permissions = {};
/** /**
@@ -36,58 +32,63 @@ export default function (tokenString) {
* *
* @returns {Promise} * @returns {Promise}
*/ */
this.init = async () => { this.init = () => {
return new Promise((resolve, reject) => {
if (initialised) { if (initialised) {
return; resolve();
} } else if (!token_string) {
reject(new error.PermissionError('Permission Denied'));
if (!tokenString) { } else {
throw new errs.PermissionError("Permission Denied"); resolve(Token.load(token_string)
} .then((data) => {
token_data = data;
tokenData = await Token.load(tokenString);
// At this point we need to load the user from the DB and make sure they: // At this point we need to load the user from the DB and make sure they:
// - exist (and not soft deleted) // - exist (and not soft deleted)
// - still have the appropriate scopes for this token // - still have the appropriate scopes for this token
// This is only required when the User ID is supplied or if the token scope has `user` // This is only required when the User ID is supplied or if the token scope has `user`
if (
tokenData.attrs.id ||
(typeof tokenData.scope !== "undefined" && _.indexOf(tokenData.scope, "user") !== -1)
) {
// Has token user id or token user scope
const user = await userModel
.query()
.where("id", tokenData.attrs.id)
.andWhere("is_deleted", 0)
.andWhere("is_disabled", 0)
.allowGraph("[permissions]")
.withGraphFetched("[permissions]")
.first();
if (token_data.attrs.id || (typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'user') !== -1)) {
// Has token user id or token user scope
return userModel
.query()
.where('id', token_data.attrs.id)
.andWhere('is_deleted', 0)
.andWhere('is_disabled', 0)
.allowGraph('[permissions]')
.withGraphFetched('[permissions]')
.first()
.then((user) => {
if (user) { if (user) {
// make sure user has all scopes of the token // make sure user has all scopes of the token
// The `user` role is not added against the user row, so we have to just add it here to get past this check. // The `user` role is not added against the user row, so we have to just add it here to get past this check.
user.roles.push("user"); user.roles.push('user');
let ok = true; let is_ok = true;
_.forEach(tokenData.scope, (scope_item) => { _.forEach(token_data.scope, (scope_item) => {
if (_.indexOf(user.roles, scope_item) === -1) { if (_.indexOf(user.roles, scope_item) === -1) {
ok = false; is_ok = false;
} }
}); });
if (!ok) { if (!is_ok) {
throw new errs.AuthError("Invalid token scope for User"); throw new error.AuthError('Invalid token scope for User');
}
initialised = true;
userRoles = user.roles;
permissions = user.permissions;
} else { } else {
throw new errs.AuthError("User cannot be loaded for Token");
}
}
initialised = true; initialised = true;
user_roles = user.roles;
permissions = user.permissions;
}
} else {
throw new error.AuthError('User cannot be loaded for Token');
}
});
} else {
initialised = true;
}
}));
}
});
}; };
/** /**
@@ -95,121 +96,140 @@ export default function (tokenString) {
* This only applies to USER token scopes, as all other tokens are not really bound * This only applies to USER token scopes, as all other tokens are not really bound
* by object scopes * by object scopes
* *
* @param {String} objectType * @param {String} object_type
* @returns {Promise} * @returns {Promise}
*/ */
this.loadObjects = async (objectType) => { this.loadObjects = (object_type) => {
let objects = null; return new Promise((resolve, reject) => {
if (Token.hasScope('user')) {
if (Token.hasScope("user")) { if (typeof token_data.attrs.id === 'undefined' || !token_data.attrs.id) {
if (typeof tokenData.attrs.id === "undefined" || !tokenData.attrs.id) { reject(new error.AuthError('User Token supplied without a User ID'));
throw new errs.AuthError("User Token supplied without a User ID");
}
const tokenUserId = tokenData.attrs.id ? tokenData.attrs.id : 0;
if (typeof objectCache[objectType] !== "undefined") {
objects = objectCache[objectType];
} else { } else {
switch (objectType) { let token_user_id = token_data.attrs.id ? token_data.attrs.id : 0;
let query;
if (typeof object_cache[object_type] === 'undefined') {
switch (object_type) {
// USERS - should only return yourself // USERS - should only return yourself
case "users": case 'users':
objects = tokenUserId ? [tokenUserId] : []; resolve(token_user_id ? [token_user_id] : []);
break; break;
// Proxy Hosts // Proxy Hosts
case "proxy_hosts": { case 'proxy_hosts':
const query = proxyHostModel query = proxyHostModel
.query() .query()
.select("id") .select('id')
.andWhere("is_deleted", 0); .andWhere('is_deleted', 0);
if (permissions.visibility === "user") { if (permissions.visibility === 'user') {
query.andWhere("owner_user_id", tokenUserId); query.andWhere('owner_user_id', token_user_id);
} }
const rows = await query; resolve(query
objects = []; .then((rows) => {
_.forEach(rows, (ruleRow) => { let result = [];
objects.push(ruleRow.id); _.forEach(rows, (rule_row) => {
result.push(rule_row.id);
}); });
// enum should not have less than 1 item // enum should not have less than 1 item
if (!objects.length) { if (!result.length) {
objects.push(0); result.push(0);
} }
return result;
})
);
break;
// DEFAULT: null
default:
resolve(null);
break; break;
} }
} } else {
objectCache[objectType] = objects; resolve(object_cache[object_type]);
} }
} }
} else {
resolve(null);
}
})
.then((objects) => {
object_cache[object_type] = objects;
return objects; return objects;
});
}; };
/** /**
* Creates a schema object on the fly with the IDs and other values required to be checked against the permissionSchema * Creates a schema object on the fly with the IDs and other values required to be checked against the permissionSchema
* *
* @param {String} permissionLabel * @param {String} permission_label
* @returns {Object} * @returns {Object}
*/ */
this.getObjectSchema = async (permissionLabel) => { this.getObjectSchema = (permission_label) => {
const baseObjectType = permissionLabel.split(":").shift(); let base_object_type = permission_label.split(':').shift();
const schema = { let schema = {
$id: "objects", $id: 'objects',
description: "Actor Properties", description: 'Actor Properties',
type: "object", type: 'object',
additionalProperties: false, additionalProperties: false,
properties: { properties: {
user_id: { user_id: {
anyOf: [ anyOf: [
{ {
type: "number", type: 'number',
enum: [Token.get("attrs").id], enum: [Token.get('attrs').id]
}, }
], ]
}, },
scope: { scope: {
type: "string", type: 'string',
pattern: `^${Token.get("scope")}$`, pattern: '^' + Token.get('scope') + '$'
}, }
}, }
}; };
const result = await this.loadObjects(baseObjectType); return this.loadObjects(base_object_type)
if (typeof result === "object" && result !== null) { .then((object_result) => {
schema.properties[baseObjectType] = { if (typeof object_result === 'object' && object_result !== null) {
type: "number", schema.properties[base_object_type] = {
enum: result, type: 'number',
minimum: 1, enum: object_result,
minimum: 1
}; };
} else { } else {
schema.properties[baseObjectType] = { schema.properties[base_object_type] = {
type: "number", type: 'number',
minimum: 1, minimum: 1
}; };
} }
return schema; return schema;
});
}; };
// here:
return { return {
token: Token, token: Token,
/** /**
* *
* @param {Boolean} [allowInternal] * @param {Boolean} [allow_internal]
* @returns {Promise} * @returns {Promise}
*/ */
load: async (allowInternal) => { load: (allow_internal) => {
if (tokenString) { return new Promise(function (resolve/*, reject*/) {
return await Token.load(tokenString); if (token_string) {
resolve(Token.load(token_string));
} else {
allow_internal_access = allow_internal;
resolve(allow_internal_access || null);
} }
allowInternalAccess = allowInternal; });
return allowInternal || null;
}, },
reloadObjects: this.loadObjects, reloadObjects: this.loadObjects,
@@ -220,59 +240,68 @@ export default function (tokenString) {
* @param {*} [data] * @param {*} [data]
* @returns {Promise} * @returns {Promise}
*/ */
can: async (permission, data) => { can: (permission, data) => {
if (allowInternalAccess === true) { if (allow_internal_access === true) {
return true; return Promise.resolve(true);
} //return true;
} else {
try { return this.init()
await this.init(); .then(() => {
const objectSchema = await this.getObjectSchema(permission); // Initialised, token decoded ok
return this.getObjectSchema(permission)
const dataSchema = { .then((objectSchema) => {
const data_schema = {
[permission]: { [permission]: {
data: data, data: data,
scope: Token.get("scope"), scope: Token.get('scope'),
roles: userRoles, roles: user_roles,
permission_visibility: permissions.visibility, permission_visibility: permissions.visibility,
permission_proxy_hosts: permissions.proxy_hosts, permission_proxy_hosts: permissions.proxy_hosts,
permission_redirection_hosts: permissions.redirection_hosts, permission_redirection_hosts: permissions.redirection_hosts,
permission_dead_hosts: permissions.dead_hosts, permission_dead_hosts: permissions.dead_hosts,
permission_streams: permissions.streams, permission_streams: permissions.streams,
permission_access_lists: permissions.access_lists, permission_access_lists: permissions.access_lists,
permission_certificates: permissions.certificates, permission_certificates: permissions.certificates
}, }
}; };
const permissionSchema = { let permissionSchema = {
$async: true, $async: true,
$id: "permissions", $id: 'permissions',
type: "object", type: 'object',
additionalProperties: false, additionalProperties: false,
properties: {}, properties: {}
}; };
const rawData = fs.readFileSync(`${__dirname}/access/${permission.replace(/:/gim, "-")}.json`, { permissionSchema.properties[permission] = require('./access/' + permission.replace(/:/gim, '-') + '.json');
encoding: "utf8",
});
permissionSchema.properties[permission] = JSON.parse(rawData);
const ajv = new Ajv({ const ajv = new Ajv({
verbose: true, verbose: true,
allErrors: true, allErrors: true,
breakOnError: true, breakOnError: true,
coerceTypes: true, coerceTypes: true,
schemas: [roleSchema, permsSchema, objectSchema, permissionSchema], schemas: [
roleSchema,
permsSchema,
objectSchema,
permissionSchema
]
}); });
const valid = await ajv.validate("permissions", dataSchema); return ajv.validate('permissions', data_schema)
return valid && dataSchema[permission]; .then(() => {
} catch (err) { return data_schema[permission];
});
});
})
.catch((err) => {
err.permission = permission; err.permission = permission;
err.permission_data = data; err.permission_data = data;
logger.error(permission, data, err.message); logger.error(permission, data, err.message);
throw errs.PermissionError("Permission Denied", err);
throw new error.PermissionError('Permission Denied', err);
});
}
} }
},
}; };
} };

98
backend/lib/certbot.js
View File

@@ -1,53 +1,17 @@
import batchflow from "batchflow"; const dnsPlugins = require('../global/certbot-dns-plugins.json');
import dnsPlugins from "../certbot/dns-plugins.json" with { type: "json" }; const utils = require('./utils');
import { certbot as logger } from "../logger.js"; const error = require('./error');
import errs from "./error.js"; const logger = require('../logger').certbot;
import utils from "./utils.js"; const batchflow = require('batchflow');
const CERTBOT_VERSION_REPLACEMENT = "$(certbot --version | grep -Eo '[0-9](\\.[0-9]+)+')"; const CERTBOT_VERSION_REPLACEMENT = '$(certbot --version | grep -Eo \'[0-9](\\.[0-9]+)+\')';
/** const certbot = {
* Installs a cerbot plugin given the key for the object from
* ../certbot/dns-plugins.json
*
* @param {string} pluginKey
* @returns {Object}
*/
const installPlugin = async (pluginKey) => {
if (typeof dnsPlugins[pluginKey] === "undefined") {
// throw Error(`Certbot plugin ${pluginKey} not found`);
throw new errs.ItemNotFoundError(pluginKey);
}
const plugin = dnsPlugins[pluginKey]; /**
logger.start(`Installing ${pluginKey}...`);
plugin.version = plugin.version.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
plugin.dependencies = plugin.dependencies.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
// SETUPTOOLS_USE_DISTUTILS is required for certbot plugins to install correctly
// in new versions of Python
let env = Object.assign({}, process.env, { SETUPTOOLS_USE_DISTUTILS: "stdlib" });
if (typeof plugin.env === "object") {
env = Object.assign(env, plugin.env);
}
const cmd = `. /opt/certbot/bin/activate && pip install --no-cache-dir ${plugin.dependencies} ${plugin.package_name}${plugin.version} && deactivate`;
return utils
.exec(cmd, { env })
.then((result) => {
logger.complete(`Installed ${pluginKey}`);
return result;
})
.catch((err) => {
throw err;
});
};
/**
* @param {array} pluginKeys * @param {array} pluginKeys
*/ */
const installPlugins = async (pluginKeys) => { installPlugins: async function (pluginKeys) {
let hasErrors = false; let hasErrors = false;
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
@@ -56,10 +20,9 @@ const installPlugins = async (pluginKeys) => {
return; return;
} }
batchflow(pluginKeys) batchflow(pluginKeys).sequential()
.sequential() .each((i, pluginKey, next) => {
.each((_i, pluginKey, next) => { certbot.installPlugin(pluginKey)
installPlugin(pluginKey)
.then(() => { .then(() => {
next(); next();
}) })
@@ -73,14 +36,43 @@ const installPlugins = async (pluginKeys) => {
}) })
.end(() => { .end(() => {
if (hasErrors) { if (hasErrors) {
reject( reject(new error.CommandError('Some plugins failed to install. Please check the logs above', 1));
new errs.CommandError("Some plugins failed to install. Please check the logs above", 1),
);
} else { } else {
resolve(); resolve();
} }
}); });
}); });
},
/**
* Installs a cerbot plugin given the key for the object from
* ../global/certbot-dns-plugins.json
*
* @param {string} pluginKey
* @returns {Object}
*/
installPlugin: async function (pluginKey) {
if (typeof dnsPlugins[pluginKey] === 'undefined') {
// throw Error(`Certbot plugin ${pluginKey} not found`);
throw new error.ItemNotFoundError(pluginKey);
}
const plugin = dnsPlugins[pluginKey];
logger.start(`Installing ${pluginKey}...`);
plugin.version = plugin.version.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
plugin.dependencies = plugin.dependencies.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
const cmd = '. /opt/certbot/bin/activate && pip install --no-cache-dir ' + plugin.dependencies + ' ' + plugin.package_name + plugin.version + ' ' + ' && deactivate';
return utils.exec(cmd)
.then((result) => {
logger.complete(`Installed ${pluginKey}`);
return result;
})
.catch((err) => {
throw err;
});
},
}; };
export { installPlugins, installPlugin }; module.exports = certbot;

162
backend/lib/config.js
View File

@@ -1,29 +1,24 @@
import fs from "node:fs"; const fs = require('fs');
import NodeRSA from "node-rsa"; const NodeRSA = require('node-rsa');
import { global as logger } from "../logger.js"; const logger = require('../logger').global;
const keysFile = '/data/keys.json'; const keysFile = '/data/keys.json';
const mysqlEngine = 'mysql2';
const postgresEngine = 'pg';
const sqliteClientName = 'sqlite3';
let instance = null; let instance = null;
// 1. Load from config file first (not recommended anymore) // 1. Load from config file first (not recommended anymore)
// 2. Use config env variables next // 2. Use config env variables next
const configure = () => { const configure = () => {
const filename = `${process.env.NODE_CONFIG_DIR || "./config"}/${process.env.NODE_ENV || "default"}.json`; const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
if (fs.existsSync(filename)) { if (fs.existsSync(filename)) {
let configData; let configData;
try { try {
// Load this json synchronously configData = require(filename);
const rawData = fs.readFileSync(filename); } catch (err) {
configData = JSON.parse(rawData);
} catch (_) {
// do nothing // do nothing
} }
if (configData?.database) { if (configData && configData.database) {
logger.info(`Using configuration from file: ${filename}`); logger.info(`Using configuration from file: ${filename}`);
instance = configData; instance = configData;
instance.keys = getKeys(); instance.keys = getKeys();
@@ -36,10 +31,10 @@ const configure = () => {
const envMysqlName = process.env.DB_MYSQL_NAME || null; const envMysqlName = process.env.DB_MYSQL_NAME || null;
if (envMysqlHost && envMysqlUser && envMysqlName) { if (envMysqlHost && envMysqlUser && envMysqlName) {
// we have enough mysql creds to go with mysql // we have enough mysql creds to go with mysql
logger.info("Using MySQL configuration"); logger.info('Using MySQL configuration');
instance = { instance = {
database: { database: {
engine: mysqlEngine, engine: 'mysql2',
host: envMysqlHost, host: envMysqlHost,
port: process.env.DB_MYSQL_PORT || 3306, port: process.env.DB_MYSQL_PORT || 3306,
user: envMysqlUser, user: envMysqlUser,
@@ -51,38 +46,18 @@ const configure = () => {
return; return;
} }
const envPostgresHost = process.env.DB_POSTGRES_HOST || null; const envSqliteFile = process.env.DB_SQLITE_FILE || '/data/database.sqlite';
const envPostgresUser = process.env.DB_POSTGRES_USER || null;
const envPostgresName = process.env.DB_POSTGRES_NAME || null;
if (envPostgresHost && envPostgresUser && envPostgresName) {
// we have enough postgres creds to go with postgres
logger.info("Using Postgres configuration");
instance = {
database: {
engine: postgresEngine,
host: envPostgresHost,
port: process.env.DB_POSTGRES_PORT || 5432,
user: envPostgresUser,
password: process.env.DB_POSTGRES_PASSWORD,
name: envPostgresName,
},
keys: getKeys(),
};
return;
}
const envSqliteFile = process.env.DB_SQLITE_FILE || "/data/database.sqlite";
logger.info(`Using Sqlite: ${envSqliteFile}`); logger.info(`Using Sqlite: ${envSqliteFile}`);
instance = { instance = {
database: { database: {
engine: "knex-native", engine: 'knex-native',
knex: { knex: {
client: sqliteClientName, client: 'sqlite3',
connection: { connection: {
filename: envSqliteFile, filename: envSqliteFile
},
useNullAsDefault: true,
}, },
useNullAsDefault: true
}
}, },
keys: getKeys(), keys: getKeys(),
}; };
@@ -90,55 +65,54 @@ const configure = () => {
const getKeys = () => { const getKeys = () => {
// Get keys from file // Get keys from file
logger.debug("Cheecking for keys file:", keysFile);
if (!fs.existsSync(keysFile)) { if (!fs.existsSync(keysFile)) {
generateKeys(); generateKeys();
} else if (process.env.DEBUG) { } else if (process.env.DEBUG) {
logger.info("Keys file exists OK"); logger.info('Keys file exists OK');
} }
try { try {
// Load this json keysFile synchronously and return the json object return require(keysFile);
const rawData = fs.readFileSync(keysFile);
return JSON.parse(rawData);
} catch (err) { } catch (err) {
logger.error(`Could not read JWT key pair from config file: ${keysFile}`, err); logger.error('Could not read JWT key pair from config file: ' + keysFile, err);
process.exit(1); process.exit(1);
} }
}; };
const generateKeys = () => { const generateKeys = () => {
logger.info("Creating a new JWT key pair..."); logger.info('Creating a new JWT key pair...');
// Now create the keys and save them in the config. // Now create the keys and save them in the config.
const key = new NodeRSA({ b: 2048 }); const key = new NodeRSA({ b: 2048 });
key.generateKeyPair(); key.generateKeyPair();
const keys = { const keys = {
key: key.exportKey("private").toString(), key: key.exportKey('private').toString(),
pub: key.exportKey("public").toString(), pub: key.exportKey('public').toString(),
}; };
// Write keys config // Write keys config
try { try {
fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2)); fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2));
} catch (err) { } catch (err) {
logger.error(`Could not write JWT key pair to config file: ${keysFile}: ${err.message}`); logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' + err.message);
process.exit(1); process.exit(1);
} }
logger.info(`Wrote JWT key pair to config file: ${keysFile}`); logger.info('Wrote JWT key pair to config file: ' + keysFile);
}; };
/** module.exports = {
/**
* *
* @param {string} key ie: 'database' or 'database.engine' * @param {string} key ie: 'database' or 'database.engine'
* @returns {boolean} * @returns {boolean}
*/ */
const configHas = (key) => { has: function(key) {
instance === null && configure(); instance === null && configure();
const keys = key.split("."); const keys = key.split('.');
let level = instance; let level = instance;
let has = true; let has = true;
keys.forEach((keyItem) => { keys.forEach((keyItem) =>{
if (typeof level[keyItem] === "undefined") { if (typeof level[keyItem] === 'undefined') {
has = false; has = false;
} else { } else {
level = level[keyItem]; level = level[keyItem];
@@ -146,99 +120,75 @@ const configHas = (key) => {
}); });
return has; return has;
}; },
/** /**
* Gets a specific key from the top level * Gets a specific key from the top level
* *
* @param {string} key * @param {string} key
* @returns {*} * @returns {*}
*/ */
const configGet = (key) => { get: function (key) {
instance === null && configure(); instance === null && configure();
if (key && typeof instance[key] !== "undefined") { if (key && typeof instance[key] !== 'undefined') {
return instance[key]; return instance[key];
} }
return instance; return instance;
}; },
/** /**
* Is this a sqlite configuration? * Is this a sqlite configuration?
* *
* @returns {boolean} * @returns {boolean}
*/ */
const isSqlite = () => { isSqlite: function () {
instance === null && configure(); instance === null && configure();
return instance.database.knex && instance.database.knex.client === sqliteClientName; return instance.database.knex && instance.database.knex.client === 'sqlite3';
}; },
/** /**
* Is this a mysql configuration?
*
* @returns {boolean}
*/
const isMysql = () => {
instance === null && configure();
return instance.database.engine === mysqlEngine;
};
/**
* Is this a postgres configuration?
*
* @returns {boolean}
*/
const isPostgres = () => {
instance === null && configure();
return instance.database.engine === postgresEngine;
};
/**
* Are we running in debug mdoe? * Are we running in debug mdoe?
* *
* @returns {boolean} * @returns {boolean}
*/ */
const isDebugMode = () => !!process.env.DEBUG; debug: function () {
return !!process.env.DEBUG;
},
/** /**
* Are we running in CI?
*
* @returns {boolean}
*/
const isCI = () => process.env.CI === 'true' && process.env.DEBUG === 'true';
/**
* Returns a public key * Returns a public key
* *
* @returns {string} * @returns {string}
*/ */
const getPublicKey = () => { getPublicKey: function () {
instance === null && configure(); instance === null && configure();
return instance.keys.pub; return instance.keys.pub;
}; },
/** /**
* Returns a private key * Returns a private key
* *
* @returns {string} * @returns {string}
*/ */
const getPrivateKey = () => { getPrivateKey: function () {
instance === null && configure(); instance === null && configure();
return instance.keys.key; return instance.keys.key;
}; },
/** /**
* @returns {boolean} * @returns {boolean}
*/ */
const useLetsencryptStaging = () => !!process.env.LE_STAGING; useLetsencryptStaging: function () {
return !!process.env.LE_STAGING;
},
/** /**
* @returns {string|null} * @returns {string|null}
*/ */
const useLetsencryptServer = () => { useLetsencryptServer: function () {
if (process.env.LE_SERVER) { if (process.env.LE_SERVER) {
return process.env.LE_SERVER; return process.env.LE_SERVER;
} }
return null; return null;
}
}; };
export { isCI, configHas, configGet, isSqlite, isMysql, isPostgres, isDebugMode, getPrivateKey, getPublicKey, useLetsencryptStaging, useLetsencryptServer };

26
backend/lib/error.js
View File

@@ -1,11 +1,13 @@
import _ from "lodash"; const _ = require('lodash');
const util = require('util');
const errs = { module.exports = {
PermissionError: function (_, previous) {
PermissionError: function (message, previous) {
Error.captureStackTrace(this, this.constructor); Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name; this.name = this.constructor.name;
this.previous = previous; this.previous = previous;
this.message = "Permission Denied"; this.message = 'Permission Denied';
this.public = true; this.public = true;
this.status = 403; this.status = 403;
}, },
@@ -14,22 +16,18 @@ const errs = {
Error.captureStackTrace(this, this.constructor); Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name; this.name = this.constructor.name;
this.previous = previous; this.previous = previous;
this.message = "Not Found"; this.message = 'Item Not Found - ' + id;
if (id) {
this.message = `Not Found - ${id}`;
}
this.public = true; this.public = true;
this.status = 404; this.status = 404;
}, },
AuthError: function (message, messageI18n, previous) { AuthError: function (message, previous) {
Error.captureStackTrace(this, this.constructor); Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name; this.name = this.constructor.name;
this.previous = previous; this.previous = previous;
this.message = message; this.message = message;
this.message_i18n = messageI18n;
this.public = true; this.public = true;
this.status = 400; this.status = 401;
}, },
InternalError: function (message, previous) { InternalError: function (message, previous) {
@@ -96,8 +94,6 @@ const errs = {
}, },
}; };
_.forEach(errs, (err) => { _.forEach(module.exports, function (error) {
err.prototype = Object.create(Error.prototype); util.inherits(error, Error);
}); });
export default errs;

15
backend/lib/express/cors.js
View File

@@ -1,13 +1,12 @@
export default (req, res, next) => { module.exports = function (req, res, next) {
if (req.headers.origin) { if (req.headers.origin) {
res.set({ res.set({
"Access-Control-Allow-Origin": req.headers.origin, 'Access-Control-Allow-Origin': req.headers.origin,
"Access-Control-Allow-Credentials": true, 'Access-Control-Allow-Credentials': true,
"Access-Control-Allow-Methods": "OPTIONS, GET, POST", 'Access-Control-Allow-Methods': 'OPTIONS, GET, POST',
"Access-Control-Allow-Headers": 'Access-Control-Allow-Headers': 'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
"Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit", 'Access-Control-Max-Age': 5 * 60,
"Access-Control-Max-Age": 5 * 60, 'Access-Control-Expose-Headers': 'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
"Access-Control-Expose-Headers": "X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit",
}); });
next(); next();
} else { } else {

18
backend/lib/express/jwt-decode.js
View File

@@ -1,15 +1,15 @@
import Access from "../access.js"; const Access = require('../access');
export default () => { module.exports = () => {
return async (_, res, next) => { return function (req, res, next) {
try {
res.locals.access = null; res.locals.access = null;
const access = new Access(res.locals.token || null); let access = new Access(res.locals.token || null);
await access.load(); access.load()
.then(() => {
res.locals.access = access; res.locals.access = access;
next(); next();
} catch (err) { })
next(err); .catch(next);
}
}; };
}; };

10
backend/lib/express/jwt.js
View File

@@ -1,13 +1,13 @@
export default function () { module.exports = function () {
return (req, res, next) => { return function (req, res, next) {
if (req.headers.authorization) { if (req.headers.authorization) {
const parts = req.headers.authorization.split(" "); let parts = req.headers.authorization.split(' ');
if (parts && parts[0] === "Bearer" && parts[1]) { if (parts && parts[0] === 'Bearer' && parts[1]) {
res.locals.token = parts[1]; res.locals.token = parts[1];
} }
} }
next(); next();
}; };
} };

32
backend/lib/express/pagination.js
View File

@@ -1,6 +1,7 @@
import _ from "lodash"; let _ = require('lodash');
module.exports = function (default_sort, default_offset, default_limit, max_limit) {
export default (default_sort, default_offset, default_limit, max_limit) => {
/** /**
* This will setup the req query params with filtered data and defaults * This will setup the req query params with filtered data and defaults
* *
@@ -10,35 +11,34 @@ export default (default_sort, default_offset, default_limit, max_limit) => {
* *
*/ */
return (req, _res, next) => { return function (req, res, next) {
req.query.offset =
typeof req.query.limit === "undefined" ? default_offset || 0 : Number.parseInt(req.query.offset, 10); req.query.offset = typeof req.query.limit === 'undefined' ? default_offset || 0 : parseInt(req.query.offset, 10);
req.query.limit = req.query.limit = typeof req.query.limit === 'undefined' ? default_limit || 50 : parseInt(req.query.limit, 10);
typeof req.query.limit === "undefined" ? default_limit || 50 : Number.parseInt(req.query.limit, 10);
if (max_limit && req.query.limit > max_limit) { if (max_limit && req.query.limit > max_limit) {
req.query.limit = max_limit; req.query.limit = max_limit;
} }
// Sorting // Sorting
let sort = typeof req.query.sort === "undefined" ? default_sort : req.query.sort; let sort = typeof req.query.sort === 'undefined' ? default_sort : req.query.sort;
const myRegexp = /.*\.(asc|desc)$/gi; let myRegexp = /.*\.(asc|desc)$/ig;
const sort_array = []; let sort_array = [];
sort = sort.split(","); sort = sort.split(',');
_.map(sort, (val) => { _.map(sort, function (val) {
const matches = myRegexp.exec(val); let matches = myRegexp.exec(val);
if (matches !== null) { if (matches !== null) {
const dir = matches[1]; let dir = matches[1];
sort_array.push({ sort_array.push({
field: val.substr(0, val.length - (dir.length + 1)), field: val.substr(0, val.length - (dir.length + 1)),
dir: dir.toLowerCase(), dir: dir.toLowerCase()
}); });
} else { } else {
sort_array.push({ sort_array.push({
field: val, field: val,
dir: "asc", dir: 'asc'
}); });
} }
}); });

5
backend/lib/express/user-id-from-me.js
View File

@@ -1,8 +1,9 @@
export default (req, res, next) => { module.exports = (req, res, next) => {
if (req.params.user_id === 'me' && res.locals.access) { if (req.params.user_id === 'me' && res.locals.access) {
req.params.user_id = res.locals.access.token.get('attrs').id; req.params.user_id = res.locals.access.token.get('attrs').id;
} else { } else {
req.params.user_id = Number.parseInt(req.params.user_id, 10); req.params.user_id = parseInt(req.params.user_id, 10);
} }
next(); next();
}; };

40
backend/lib/helpers.js
View File

@@ -1,8 +1,8 @@
import moment from "moment"; const moment = require('moment');
import { ref } from "objection";
import { isPostgres } from "./config.js";
/** module.exports = {
/**
* Takes an expression such as 30d and returns a moment object of that date in future * Takes an expression such as 30d and returns a moment object of that date in future
* *
* Key Shorthand * Key Shorthand
@@ -20,39 +20,31 @@ import { isPostgres } from "./config.js";
* @param {String} expression * @param {String} expression
* @returns {Object} * @returns {Object}
*/ */
const parseDatePeriod = (expression) => { parseDatePeriod: function (expression) {
const matches = expression.match(/^([0-9]+)(y|Q|M|w|d|h|m|s|ms)$/m); let matches = expression.match(/^([0-9]+)(y|Q|M|w|d|h|m|s|ms)$/m);
if (matches) { if (matches) {
return moment().add(matches[1], matches[2]); return moment().add(matches[1], matches[2]);
} }
return null; return null;
}; },
const convertIntFieldsToBool = (obj, fields) => { convertIntFieldsToBool: function (obj, fields) {
fields.forEach((field) => { fields.forEach(function (field) {
if (typeof obj[field] !== "undefined") { if (typeof obj[field] !== 'undefined') {
obj[field] = obj[field] === 1; obj[field] = obj[field] === 1;
} }
}); });
return obj; return obj;
}; },
const convertBoolFieldsToInt = (obj, fields) => { convertBoolFieldsToInt: function (obj, fields) {
fields.forEach((field) => { fields.forEach(function (field) {
if (typeof obj[field] !== "undefined") { if (typeof obj[field] !== 'undefined') {
obj[field] = obj[field] ? 1 : 0; obj[field] = obj[field] ? 1 : 0;
} }
}); });
return obj; return obj;
}
}; };
/**
* Casts a column to json if using postgres
*
* @param {string} colName
* @returns {string|Objection.ReferenceBuilder}
*/
const castJsonIfNeed = (colName) => (isPostgres() ? ref(colName).castText() : colName);
export { parseDatePeriod, convertIntFieldsToBool, convertBoolFieldsToInt, castJsonIfNeed };

38
backend/lib/migrate_template.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'identifier_for_migrate';
const logger = require('../logger').migrate;
const migrateName = "identifier_for_migrate";
/** /**
* Migrate * Migrate
@@ -8,15 +7,16 @@ const migrateName = "identifier_for_migrate";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (_knex) => { exports.up = function (knex, Promise) {
logger.info(`[${migrateName}] Migrating Up...`);
logger.info('[' + migrate_name + '] Migrating Up...');
// Create Table example: // Create Table example:
/* /*return knex.schema.createTable('notification', (table) => {
return knex.schema.createTable('notification', (table) => {
table.increments().primary(); table.increments().primary();
table.string('name').notNull(); table.string('name').notNull();
table.string('type').notNull(); table.string('type').notNull();
@@ -24,11 +24,10 @@ const up = (_knex) => {
table.integer('modified_on').notNull(); table.integer('modified_on').notNull();
}) })
.then(function () { .then(function () {
logger.info('[' + migrateName + '] Notification Table created'); logger.info('[' + migrate_name + '] Notification Table created');
}); });*/
*/
logger.info(`[${migrateName}] Migrating Up Complete`); logger.info('[' + migrate_name + '] Migrating Up Complete');
return Promise.resolve(true); return Promise.resolve(true);
}; };
@@ -37,23 +36,20 @@ const up = (_knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.info(`[${migrateName}] Migrating Down...`); logger.info('[' + migrate_name + '] Migrating Down...');
// Drop table example: // Drop table example:
/* /*return knex.schema.dropTable('notification')
return knex.schema.dropTable('notification')
.then(() => { .then(() => {
logger.info(`[${migrateName}] Notification Table dropped`); logger.info('[' + migrate_name + '] Notification Table dropped');
}); });*/
*/
logger.info(`[${migrateName}] Migrating Down Complete`); logger.info('[' + migrate_name + '] Migrating Down Complete');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

74
backend/lib/utils.js
View File

@@ -1,60 +1,57 @@
import { exec as nodeExec, execFile as nodeExecFile } from "node:child_process"; const _ = require('lodash');
import { dirname } from "node:path"; const exec = require('child_process').exec;
import { fileURLToPath } from "node:url"; const execFile = require('child_process').execFile;
import { Liquid } from "liquidjs"; const { Liquid } = require('liquidjs');
import _ from "lodash"; const logger = require('../logger').global;
import { global as logger } from "../logger.js"; const error = require('./error');
import errs from "./error.js";
const __filename = fileURLToPath(import.meta.url); module.exports = {
const __dirname = dirname(__filename);
exec: async function(cmd, options = {}) {
logger.debug('CMD:', cmd);
const exec = async (cmd, options = {}) => {
logger.debug("CMD:", cmd);
const { stdout, stderr } = await new Promise((resolve, reject) => { const { stdout, stderr } = await new Promise((resolve, reject) => {
const child = nodeExec(cmd, options, (isError, stdout, stderr) => { const child = exec(cmd, options, (isError, stdout, stderr) => {
if (isError) { if (isError) {
reject(new errs.CommandError(stderr, isError)); reject(new error.CommandError(stderr, isError));
} else { } else {
resolve({ stdout, stderr }); resolve({ stdout, stderr });
} }
}); });
child.on("error", (e) => { child.on('error', (e) => {
reject(new errs.CommandError(stderr, 1, e)); reject(new error.CommandError(stderr, 1, e));
}); });
}); });
return stdout; return stdout;
}; },
/** /**
* @param {String} cmd * @param {String} cmd
* @param {Array} args * @param {Array} args
* @param {Object|undefined} options
* @returns {Promise} * @returns {Promise}
*/ */
const execFile = (cmd, args, options) => { execFile: function (cmd, args) {
logger.debug(`CMD: ${cmd} ${args ? args.join(" ") : ""}`); // logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
const opts = options || {};
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
nodeExecFile(cmd, args, opts, (err, stdout, stderr) => { execFile(cmd, args, function (err, stdout, /*stderr*/) {
if (err && typeof err === "object") { if (err && typeof err === 'object') {
reject(new errs.CommandError(stderr, 1, err)); reject(err);
} else { } else {
resolve(stdout.trim()); resolve(stdout.trim());
} }
}); });
}); });
}; },
/** /**
* Used in objection query builder * Used in objection query builder
* *
* @param {Array} omissions * @param {Array} omissions
* @returns {Function} * @returns {Function}
*/ */
const omitRow = (omissions) => { omitRow: function (omissions) {
/** /**
* @param {Object} row * @param {Object} row
* @returns {Object} * @returns {Object}
@@ -62,15 +59,15 @@ const omitRow = (omissions) => {
return (row) => { return (row) => {
return _.omit(row, omissions); return _.omit(row, omissions);
}; };
}; },
/** /**
* Used in objection query builder * Used in objection query builder
* *
* @param {Array} omissions * @param {Array} omissions
* @returns {Function} * @returns {Function}
*/ */
const omitRows = (omissions) => { omitRows: function (omissions) {
/** /**
* @param {Array} rows * @param {Array} rows
* @returns {Object} * @returns {Object}
@@ -81,14 +78,14 @@ const omitRows = (omissions) => {
}); });
return rows; return rows;
}; };
}; },
/** /**
* @returns {Object} Liquid render engine * @returns {Object} Liquid render engine
*/ */
const getRenderEngine = () => { getRenderEngine: function () {
const renderEngine = new Liquid({ const renderEngine = new Liquid({
root: `${__dirname}/../templates/`, root: __dirname + '/../templates/'
}); });
/** /**
@@ -97,14 +94,13 @@ const getRenderEngine = () => {
* directive string * directive string
* address string * address string
*/ */
renderEngine.registerFilter("nginxAccessRule", (v) => { renderEngine.registerFilter('nginxAccessRule', (v) => {
if (typeof v.directive !== "undefined" && typeof v.address !== "undefined" && v.directive && v.address) { if (typeof v.directive !== 'undefined' && typeof v.address !== 'undefined' && v.directive && v.address) {
return `${v.directive} ${v.address};`; return `${v.directive} ${v.address};`;
} }
return ""; return '';
}); });
return renderEngine; return renderEngine;
}
}; };
export default { exec, execFile, omitRow, omitRows, getRenderEngine };

40
backend/lib/validator/api.js
View File

@@ -1,5 +1,5 @@
import Ajv from "ajv/dist/2020.js"; const Ajv = require('ajv/dist/2020');
import errs from "../error.js"; const error = require('../error');
const ajv = new Ajv({ const ajv = new Ajv({
verbose: true, verbose: true,
@@ -14,32 +14,30 @@ const ajv = new Ajv({
* @param {Object} payload * @param {Object} payload
* @returns {Promise} * @returns {Promise}
*/ */
const apiValidator = async (schema, payload /*, description*/) => { function apiValidator (schema, payload/*, description*/) {
if (!schema) { return new Promise(function Promise_apiValidator (resolve, reject) {
throw new errs.ValidationError("Schema is undefined"); if (schema === null) {
reject(new error.ValidationError('Schema is undefined'));
return;
} }
// Can't use falsy check here as valid payload could be `0` or `false` if (typeof payload === 'undefined') {
if (typeof payload === "undefined") { reject(new error.ValidationError('Payload is undefined'));
throw new errs.ValidationError("Payload is undefined"); return;
} }
const validate = ajv.compile(schema); const validate = ajv.compile(schema);
const valid = validate(payload); const valid = validate(payload);
if (valid && !validate.errors) { if (valid && !validate.errors) {
return payload; resolve(payload);
} else {
let message = ajv.errorsText(validate.errors);
let err = new error.ValidationError(message);
err.debug = [validate.errors, payload];
reject(err);
} }
});
}
module.exports = apiValidator;
const message = ajv.errorsText(validate.errors);
const err = new errs.ValidationError(message);
err.debug = {validationErrors: validate.errors, payload};
throw err;
};
export default apiValidator;

28
backend/lib/validator/index.js
View File

@@ -1,7 +1,7 @@
import Ajv from 'ajv/dist/2020.js'; const _ = require('lodash');
import _ from "lodash"; const Ajv = require('ajv/dist/2020');
import commonDefinitions from "../../schema/common.json" with { type: "json" }; const error = require('../error');
import errs from "../error.js"; const commonDefinitions = require('../../schema/common.json');
RegExp.prototype.toJSON = RegExp.prototype.toString; RegExp.prototype.toJSON = RegExp.prototype.toString;
@@ -11,7 +11,7 @@ const ajv = new Ajv({
allowUnionTypes: true, allowUnionTypes: true,
coerceTypes: true, coerceTypes: true,
strict: false, strict: false,
schemas: [commonDefinitions], schemas: [commonDefinitions]
}); });
/** /**
@@ -20,26 +20,26 @@ const ajv = new Ajv({
* @param {Object} payload * @param {Object} payload
* @returns {Promise} * @returns {Promise}
*/ */
const validator = (schema, payload) => { function validator (schema, payload) {
return new Promise((resolve, reject) => { return new Promise(function (resolve, reject) {
if (!payload) { if (!payload) {
reject(new errs.InternalValidationError("Payload is falsy")); reject(new error.InternalValidationError('Payload is falsy'));
} else { } else {
try { try {
const validate = ajv.compile(schema); let validate = ajv.compile(schema);
const valid = validate(payload); let valid = validate(payload);
if (valid && !validate.errors) { if (valid && !validate.errors) {
resolve(_.cloneDeep(payload)); resolve(_.cloneDeep(payload));
} else { } else {
const message = ajv.errorsText(validate.errors); let message = ajv.errorsText(validate.errors);
reject(new errs.InternalValidationError(message)); reject(new error.InternalValidationError(message));
} }
} catch (err) { } catch (err) {
reject(err); reject(err);
} }
} }
}); });
}; }
export default validator; module.exports = validator;

28
backend/logger.js
View File

@@ -1,18 +1,14 @@
import signale from "signale"; const {Signale} = require('signale');
const opts = { module.exports = {
logLevel: "info", global: new Signale({scope: 'Global '}),
migrate: new Signale({scope: 'Migrate '}),
express: new Signale({scope: 'Express '}),
access: new Signale({scope: 'Access '}),
nginx: new Signale({scope: 'Nginx '}),
ssl: new Signale({scope: 'SSL '}),
certbot: new Signale({scope: 'Certbot '}),
import: new Signale({scope: 'Importer '}),
setup: new Signale({scope: 'Setup '}),
ip_ranges: new Signale({scope: 'IP Ranges'})
}; };
const global = new signale.Signale({ scope: "Global ", ...opts });
const migrate = new signale.Signale({ scope: "Migrate ", ...opts });
const express = new signale.Signale({ scope: "Express ", ...opts });
const access = new signale.Signale({ scope: "Access ", ...opts });
const nginx = new signale.Signale({ scope: "Nginx ", ...opts });
const ssl = new signale.Signale({ scope: "SSL ", ...opts });
const certbot = new signale.Signale({ scope: "Certbot ", ...opts });
const importer = new signale.Signale({ scope: "Importer ", ...opts });
const setup = new signale.Signale({ scope: "Setup ", ...opts });
const ipRanges = new signale.Signale({ scope: "IP Ranges", ...opts });
export { global, migrate, express, access, nginx, ssl, certbot, importer, setup, ipRanges };

22
backend/migrate.js
View File

@@ -1,13 +1,15 @@
import db from "./db.js"; const db = require('./db');
import { migrate as logger } from "./logger.js"; const logger = require('./logger').migrate;
const migrateUp = async () => { module.exports = {
const version = await db.migrate.currentVersion(); latest: function () {
logger.info("Current database version:", version); return db.migrate.currentVersion()
return await db.migrate.latest({ .then((version) => {
tableName: "migrations", logger.info('Current database version:', version);
directory: "migrations", return db.migrate.latest({
tableName: 'migrations',
directory: 'migrations'
}); });
});
}
}; };
export { migrateUp };

263
backend/migrations/20180618015850_initial.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'initial-schema';
const logger = require('../logger').migrate;
const migrateName = "initial-schema";
/** /**
* Migrate * Migrate
@@ -8,199 +7,199 @@ const migrateName = "initial-schema";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.createTable('auth', (table) => {
.createTable("auth", (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("user_id").notNull().unsigned(); table.integer('user_id').notNull().unsigned();
table.string("type", 30).notNull(); table.string('type', 30).notNull();
table.string("secret").notNull(); table.string('secret').notNull();
table.json("meta").notNull(); table.json('meta').notNull();
table.integer("is_deleted").notNull().unsigned().defaultTo(0); table.integer('is_deleted').notNull().unsigned().defaultTo(0);
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] auth Table created`); logger.info('[' + migrate_name + '] auth Table created');
return knex.schema.createTable("user", (table) => { return knex.schema.createTable('user', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("is_deleted").notNull().unsigned().defaultTo(0); table.integer('is_deleted').notNull().unsigned().defaultTo(0);
table.integer("is_disabled").notNull().unsigned().defaultTo(0); table.integer('is_disabled').notNull().unsigned().defaultTo(0);
table.string("email").notNull(); table.string('email').notNull();
table.string("name").notNull(); table.string('name').notNull();
table.string("nickname").notNull(); table.string('nickname').notNull();
table.string("avatar").notNull(); table.string('avatar').notNull();
table.json("roles").notNull(); table.json('roles').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] user Table created`); logger.info('[' + migrate_name + '] user Table created');
return knex.schema.createTable("user_permission", (table) => { return knex.schema.createTable('user_permission', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("user_id").notNull().unsigned(); table.integer('user_id').notNull().unsigned();
table.string("visibility").notNull(); table.string('visibility').notNull();
table.string("proxy_hosts").notNull(); table.string('proxy_hosts').notNull();
table.string("redirection_hosts").notNull(); table.string('redirection_hosts').notNull();
table.string("dead_hosts").notNull(); table.string('dead_hosts').notNull();
table.string("streams").notNull(); table.string('streams').notNull();
table.string("access_lists").notNull(); table.string('access_lists').notNull();
table.string("certificates").notNull(); table.string('certificates').notNull();
table.unique("user_id"); table.unique('user_id');
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] user_permission Table created`); logger.info('[' + migrate_name + '] user_permission Table created');
return knex.schema.createTable("proxy_host", (table) => { return knex.schema.createTable('proxy_host', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("owner_user_id").notNull().unsigned(); table.integer('owner_user_id').notNull().unsigned();
table.integer("is_deleted").notNull().unsigned().defaultTo(0); table.integer('is_deleted').notNull().unsigned().defaultTo(0);
table.json("domain_names").notNull(); table.json('domain_names').notNull();
table.string("forward_ip").notNull(); table.string('forward_ip').notNull();
table.integer("forward_port").notNull().unsigned(); table.integer('forward_port').notNull().unsigned();
table.integer("access_list_id").notNull().unsigned().defaultTo(0); table.integer('access_list_id').notNull().unsigned().defaultTo(0);
table.integer("certificate_id").notNull().unsigned().defaultTo(0); table.integer('certificate_id').notNull().unsigned().defaultTo(0);
table.integer("ssl_forced").notNull().unsigned().defaultTo(0); table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
table.integer("caching_enabled").notNull().unsigned().defaultTo(0); table.integer('caching_enabled').notNull().unsigned().defaultTo(0);
table.integer("block_exploits").notNull().unsigned().defaultTo(0); table.integer('block_exploits').notNull().unsigned().defaultTo(0);
table.text("advanced_config").notNull().defaultTo(""); table.text('advanced_config').notNull().defaultTo('');
table.json("meta").notNull(); table.json('meta').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] proxy_host Table created`); logger.info('[' + migrate_name + '] proxy_host Table created');
return knex.schema.createTable("redirection_host", (table) => { return knex.schema.createTable('redirection_host', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("owner_user_id").notNull().unsigned(); table.integer('owner_user_id').notNull().unsigned();
table.integer("is_deleted").notNull().unsigned().defaultTo(0); table.integer('is_deleted').notNull().unsigned().defaultTo(0);
table.json("domain_names").notNull(); table.json('domain_names').notNull();
table.string("forward_domain_name").notNull(); table.string('forward_domain_name').notNull();
table.integer("preserve_path").notNull().unsigned().defaultTo(0); table.integer('preserve_path').notNull().unsigned().defaultTo(0);
table.integer("certificate_id").notNull().unsigned().defaultTo(0); table.integer('certificate_id').notNull().unsigned().defaultTo(0);
table.integer("ssl_forced").notNull().unsigned().defaultTo(0); table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
table.integer("block_exploits").notNull().unsigned().defaultTo(0); table.integer('block_exploits').notNull().unsigned().defaultTo(0);
table.text("advanced_config").notNull().defaultTo(""); table.text('advanced_config').notNull().defaultTo('');
table.json("meta").notNull(); table.json('meta').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] redirection_host Table created`); logger.info('[' + migrate_name + '] redirection_host Table created');
return knex.schema.createTable("dead_host", (table) => { return knex.schema.createTable('dead_host', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("owner_user_id").notNull().unsigned(); table.integer('owner_user_id').notNull().unsigned();
table.integer("is_deleted").notNull().unsigned().defaultTo(0); table.integer('is_deleted').notNull().unsigned().defaultTo(0);
table.json("domain_names").notNull(); table.json('domain_names').notNull();
table.integer("certificate_id").notNull().unsigned().defaultTo(0); table.integer('certificate_id').notNull().unsigned().defaultTo(0);
table.integer("ssl_forced").notNull().unsigned().defaultTo(0); table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
table.text("advanced_config").notNull().defaultTo(""); table.text('advanced_config').notNull().defaultTo('');
table.json("meta").notNull(); table.json('meta').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] dead_host Table created`); logger.info('[' + migrate_name + '] dead_host Table created');
return knex.schema.createTable("stream", (table) => { return knex.schema.createTable('stream', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("owner_user_id").notNull().unsigned(); table.integer('owner_user_id').notNull().unsigned();
table.integer("is_deleted").notNull().unsigned().defaultTo(0); table.integer('is_deleted').notNull().unsigned().defaultTo(0);
table.integer("incoming_port").notNull().unsigned(); table.integer('incoming_port').notNull().unsigned();
table.string("forward_ip").notNull(); table.string('forward_ip').notNull();
table.integer("forwarding_port").notNull().unsigned(); table.integer('forwarding_port').notNull().unsigned();
table.integer("tcp_forwarding").notNull().unsigned().defaultTo(0); table.integer('tcp_forwarding').notNull().unsigned().defaultTo(0);
table.integer("udp_forwarding").notNull().unsigned().defaultTo(0); table.integer('udp_forwarding').notNull().unsigned().defaultTo(0);
table.json("meta").notNull(); table.json('meta').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] stream Table created`); logger.info('[' + migrate_name + '] stream Table created');
return knex.schema.createTable("access_list", (table) => { return knex.schema.createTable('access_list', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("owner_user_id").notNull().unsigned(); table.integer('owner_user_id').notNull().unsigned();
table.integer("is_deleted").notNull().unsigned().defaultTo(0); table.integer('is_deleted').notNull().unsigned().defaultTo(0);
table.string("name").notNull(); table.string('name').notNull();
table.json("meta").notNull(); table.json('meta').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] access_list Table created`); logger.info('[' + migrate_name + '] access_list Table created');
return knex.schema.createTable("certificate", (table) => { return knex.schema.createTable('certificate', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("owner_user_id").notNull().unsigned(); table.integer('owner_user_id').notNull().unsigned();
table.integer("is_deleted").notNull().unsigned().defaultTo(0); table.integer('is_deleted').notNull().unsigned().defaultTo(0);
table.string("provider").notNull(); table.string('provider').notNull();
table.string("nice_name").notNull().defaultTo(""); table.string('nice_name').notNull().defaultTo('');
table.json("domain_names").notNull(); table.json('domain_names').notNull();
table.dateTime("expires_on").notNull(); table.dateTime('expires_on').notNull();
table.json("meta").notNull(); table.json('meta').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] certificate Table created`); logger.info('[' + migrate_name + '] certificate Table created');
return knex.schema.createTable("access_list_auth", (table) => { return knex.schema.createTable('access_list_auth', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("access_list_id").notNull().unsigned(); table.integer('access_list_id').notNull().unsigned();
table.string("username").notNull(); table.string('username').notNull();
table.string("password").notNull(); table.string('password').notNull();
table.json("meta").notNull(); table.json('meta').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] access_list_auth Table created`); logger.info('[' + migrate_name + '] access_list_auth Table created');
return knex.schema.createTable("audit_log", (table) => { return knex.schema.createTable('audit_log', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("user_id").notNull().unsigned(); table.integer('user_id').notNull().unsigned();
table.string("object_type").notNull().defaultTo(""); table.string('object_type').notNull().defaultTo('');
table.integer("object_id").notNull().unsigned().defaultTo(0); table.integer('object_id').notNull().unsigned().defaultTo(0);
table.string("action").notNull(); table.string('action').notNull();
table.json("meta").notNull(); table.json('meta').notNull();
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] audit_log Table created`); logger.info('[' + migrate_name + '] audit_log Table created');
}); });
}; };
/** /**
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down the initial data.`); logger.warn('[' + migrate_name + '] You can\'t migrate down the initial data.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

25
backend/migrations/20180929054513_websockets.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'websockets';
const logger = require('../logger').migrate;
const migrateName = "websockets";
/** /**
* Migrate * Migrate
@@ -8,29 +7,29 @@ const migrateName = "websockets";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('proxy_host', function (proxy_host) {
.table("proxy_host", (proxy_host) => { proxy_host.integer('allow_websocket_upgrade').notNull().unsigned().defaultTo(0);
proxy_host.integer("allow_websocket_upgrade").notNull().unsigned().defaultTo(0);
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`); logger.info('[' + migrate_name + '] proxy_host Table altered');
}); });
}; };
/** /**
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down this one.`); logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

24
backend/migrations/20181019052346_forward_host.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'forward_host';
const logger = require('../logger').migrate;
const migrateName = "forward_host";
/** /**
* Migrate * Migrate
@@ -8,17 +7,17 @@ const migrateName = "forward_host";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('proxy_host', function (proxy_host) {
.table("proxy_host", (proxy_host) => { proxy_host.renameColumn('forward_ip', 'forward_host');
proxy_host.renameColumn("forward_ip", "forward_host");
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`); logger.info('[' + migrate_name + '] proxy_host Table altered');
}); });
}; };
@@ -26,11 +25,10 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down this one.`); logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

35
backend/migrations/20181113041458_http2_support.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'http2_support';
const logger = require('../logger').migrate;
const migrateName = "http2_support";
/** /**
* Migrate * Migrate
@@ -8,31 +7,31 @@ const migrateName = "http2_support";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('proxy_host', function (proxy_host) {
.table("proxy_host", (proxy_host) => { proxy_host.integer('http2_support').notNull().unsigned().defaultTo(0);
proxy_host.integer("http2_support").notNull().unsigned().defaultTo(0);
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`); logger.info('[' + migrate_name + '] proxy_host Table altered');
return knex.schema.table("redirection_host", (redirection_host) => { return knex.schema.table('redirection_host', function (redirection_host) {
redirection_host.integer("http2_support").notNull().unsigned().defaultTo(0); redirection_host.integer('http2_support').notNull().unsigned().defaultTo(0);
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] redirection_host Table altered`); logger.info('[' + migrate_name + '] redirection_host Table altered');
return knex.schema.table("dead_host", (dead_host) => { return knex.schema.table('dead_host', function (dead_host) {
dead_host.integer("http2_support").notNull().unsigned().defaultTo(0); dead_host.integer('http2_support').notNull().unsigned().defaultTo(0);
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] dead_host Table altered`); logger.info('[' + migrate_name + '] dead_host Table altered');
}); });
}; };
@@ -40,11 +39,11 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down this one.`); logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

24
backend/migrations/20181213013211_forward_scheme.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'forward_scheme';
const logger = require('../logger').migrate;
const migrateName = "forward_scheme";
/** /**
* Migrate * Migrate
@@ -8,17 +7,17 @@ const migrateName = "forward_scheme";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('proxy_host', function (proxy_host) {
.table("proxy_host", (proxy_host) => { proxy_host.string('forward_scheme').notNull().defaultTo('http');
proxy_host.string("forward_scheme").notNull().defaultTo("http");
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`); logger.info('[' + migrate_name + '] proxy_host Table altered');
}); });
}; };
@@ -26,11 +25,10 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down this one.`); logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

42
backend/migrations/20190104035154_disabled.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'disabled';
const logger = require('../logger').migrate;
const migrateName = "disabled";
/** /**
* Migrate * Migrate
@@ -8,38 +7,38 @@ const migrateName = "disabled";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('proxy_host', function (proxy_host) {
.table("proxy_host", (proxy_host) => { proxy_host.integer('enabled').notNull().unsigned().defaultTo(1);
proxy_host.integer("enabled").notNull().unsigned().defaultTo(1);
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`); logger.info('[' + migrate_name + '] proxy_host Table altered');
return knex.schema.table("redirection_host", (redirection_host) => { return knex.schema.table('redirection_host', function (redirection_host) {
redirection_host.integer("enabled").notNull().unsigned().defaultTo(1); redirection_host.integer('enabled').notNull().unsigned().defaultTo(1);
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] redirection_host Table altered`); logger.info('[' + migrate_name + '] redirection_host Table altered');
return knex.schema.table("dead_host", (dead_host) => { return knex.schema.table('dead_host', function (dead_host) {
dead_host.integer("enabled").notNull().unsigned().defaultTo(1); dead_host.integer('enabled').notNull().unsigned().defaultTo(1);
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] dead_host Table altered`); logger.info('[' + migrate_name + '] dead_host Table altered');
return knex.schema.table("stream", (stream) => { return knex.schema.table('stream', function (stream) {
stream.integer("enabled").notNull().unsigned().defaultTo(1); stream.integer('enabled').notNull().unsigned().defaultTo(1);
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] stream Table altered`); logger.info('[' + migrate_name + '] stream Table altered');
}); });
}; };
@@ -47,11 +46,10 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down this one.`); logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

24
backend/migrations/20190215115310_customlocations.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'custom_locations';
const logger = require('../logger').migrate;
const migrateName = "custom_locations";
/** /**
* Migrate * Migrate
@@ -9,17 +8,17 @@ const migrateName = "custom_locations";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('proxy_host', function (proxy_host) {
.table("proxy_host", (proxy_host) => { proxy_host.json('locations');
proxy_host.json("locations");
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`); logger.info('[' + migrate_name + '] proxy_host Table altered');
}); });
}; };
@@ -27,11 +26,10 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down this one.`); logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

42
backend/migrations/20190218060101_hsts.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'hsts';
const logger = require('../logger').migrate;
const migrateName = "hsts";
/** /**
* Migrate * Migrate
@@ -8,34 +7,34 @@ const migrateName = "hsts";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('proxy_host', function (proxy_host) {
.table("proxy_host", (proxy_host) => { proxy_host.integer('hsts_enabled').notNull().unsigned().defaultTo(0);
proxy_host.integer("hsts_enabled").notNull().unsigned().defaultTo(0); proxy_host.integer('hsts_subdomains').notNull().unsigned().defaultTo(0);
proxy_host.integer("hsts_subdomains").notNull().unsigned().defaultTo(0);
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] proxy_host Table altered`); logger.info('[' + migrate_name + '] proxy_host Table altered');
return knex.schema.table("redirection_host", (redirection_host) => { return knex.schema.table('redirection_host', function (redirection_host) {
redirection_host.integer("hsts_enabled").notNull().unsigned().defaultTo(0); redirection_host.integer('hsts_enabled').notNull().unsigned().defaultTo(0);
redirection_host.integer("hsts_subdomains").notNull().unsigned().defaultTo(0); redirection_host.integer('hsts_subdomains').notNull().unsigned().defaultTo(0);
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] redirection_host Table altered`); logger.info('[' + migrate_name + '] redirection_host Table altered');
return knex.schema.table("dead_host", (dead_host) => { return knex.schema.table('dead_host', function (dead_host) {
dead_host.integer("hsts_enabled").notNull().unsigned().defaultTo(0); dead_host.integer('hsts_enabled').notNull().unsigned().defaultTo(0);
dead_host.integer("hsts_subdomains").notNull().unsigned().defaultTo(0); dead_host.integer('hsts_subdomains').notNull().unsigned().defaultTo(0);
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] dead_host Table altered`); logger.info('[' + migrate_name + '] dead_host Table altered');
}); });
}; };
@@ -43,11 +42,10 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down this one.`); logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

19
backend/migrations/20190227065017_settings.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'settings';
const logger = require('../logger').migrate;
const migrateName = "settings";
/** /**
* Migrate * Migrate
@@ -8,10 +7,11 @@ const migrateName = "settings";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema.createTable('setting', (table) => { return knex.schema.createTable('setting', (table) => {
table.string('id').notNull().primary(); table.string('id').notNull().primary();
@@ -21,7 +21,7 @@ const up = (knex) => {
table.json('meta').notNull(); table.json('meta').notNull();
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] setting Table created`); logger.info('[' + migrate_name + '] setting Table created');
}); });
}; };
@@ -29,11 +29,10 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down the initial data.`); logger.warn('[' + migrate_name + '] You can\'t migrate down the initial data.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

51
backend/migrations/20200410143839_access_list_client.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'access_list_client';
const logger = require('../logger').migrate;
const migrateName = "access_list_client";
/** /**
* Migrate * Migrate
@@ -8,30 +7,32 @@ const migrateName = "access_list_client";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`);
return knex.schema logger.info('[' + migrate_name + '] Migrating Up...');
.createTable("access_list_client", (table) => {
return knex.schema.createTable('access_list_client', (table) => {
table.increments().primary(); table.increments().primary();
table.dateTime("created_on").notNull(); table.dateTime('created_on').notNull();
table.dateTime("modified_on").notNull(); table.dateTime('modified_on').notNull();
table.integer("access_list_id").notNull().unsigned(); table.integer('access_list_id').notNull().unsigned();
table.string("address").notNull(); table.string('address').notNull();
table.string("directive").notNull(); table.string('directive').notNull();
table.json("meta").notNull(); table.json('meta').notNull();
})
.then(() => {
logger.info(`[${migrateName}] access_list_client Table created`);
return knex.schema.table("access_list", (access_list) => { })
access_list.integer("satify_any").notNull().defaultTo(0); .then(function () {
logger.info('[' + migrate_name + '] access_list_client Table created');
return knex.schema.table('access_list', function (access_list) {
access_list.integer('satify_any').notNull().defaultTo(0);
}); });
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] access_list Table altered`); logger.info('[' + migrate_name + '] access_list Table altered');
}); });
}; };
@@ -39,14 +40,14 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (knex) => { exports.down = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Down...`); logger.info('[' + migrate_name + '] Migrating Down...');
return knex.schema.dropTable("access_list_client").then(() => { return knex.schema.dropTable('access_list_client')
logger.info(`[${migrateName}] access_list_client Table dropped`); .then(() => {
logger.info('[' + migrate_name + '] access_list_client Table dropped');
}); });
}; };
export { up, down };

24
backend/migrations/20200410143840_access_list_client_fix.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'access_list_client_fix';
const logger = require('../logger').migrate;
const migrateName = "access_list_client_fix";
/** /**
* Migrate * Migrate
@@ -8,17 +7,17 @@ const migrateName = "access_list_client_fix";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('access_list', function (access_list) {
.table("access_list", (access_list) => { access_list.renameColumn('satify_any', 'satisfy_any');
access_list.renameColumn("satify_any", "satisfy_any");
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] access_list Table altered`); logger.info('[' + migrate_name + '] access_list Table altered');
}); });
}; };
@@ -26,11 +25,10 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (_knex) => { exports.down = function (knex, Promise) {
logger.warn(`[${migrateName}] You can't migrate down this one.`); logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true); return Promise.resolve(true);
}; };
export { up, down };

32
backend/migrations/20201014143841_pass_auth.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'pass_auth';
const logger = require('../logger').migrate;
const migrateName = "pass_auth";
/** /**
* Migrate * Migrate
@@ -8,17 +7,18 @@ const migrateName = "pass_auth";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`);
return knex.schema logger.info('[' + migrate_name + '] Migrating Up...');
.table("access_list", (access_list) => {
access_list.integer("pass_auth").notNull().defaultTo(1); return knex.schema.table('access_list', function (access_list) {
access_list.integer('pass_auth').notNull().defaultTo(1);
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] access_list Table altered`); logger.info('[' + migrate_name + '] access_list Table altered');
}); });
}; };
@@ -26,18 +26,16 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (knex) => { exports.down = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Down...`); logger.info('[' + migrate_name + '] Migrating Down...');
return knex.schema return knex.schema.table('access_list', function (access_list) {
.table("access_list", (access_list) => { access_list.dropColumn('pass_auth');
access_list.dropColumn("pass_auth");
}) })
.then(() => { .then(() => {
logger.info(`[${migrateName}] access_list pass_auth Column dropped`); logger.info('[' + migrate_name + '] access_list pass_auth Column dropped');
}); });
}; };
export { up, down };

36
backend/migrations/20210210154702_redirection_scheme.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'redirection_scheme';
const logger = require('../logger').migrate;
const migrateName = "redirection_scheme";
/** /**
* Migrate * Migrate
@@ -8,17 +7,18 @@ const migrateName = "redirection_scheme";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`);
return knex.schema logger.info('[' + migrate_name + '] Migrating Up...');
.table("redirection_host", (table) => {
table.string("forward_scheme").notNull().defaultTo("$scheme"); return knex.schema.table('redirection_host', (table) => {
table.string('forward_scheme').notNull().defaultTo('$scheme');
}) })
.then(() => { .then(function () {
logger.info(`[${migrateName}] redirection_host Table altered`); logger.info('[' + migrate_name + '] redirection_host Table altered');
}); });
}; };
@@ -26,18 +26,16 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (knex) => { exports.down = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Down...`); logger.info('[' + migrate_name + '] Migrating Down...');
return knex.schema return knex.schema.table('redirection_host', (table) => {
.table("redirection_host", (table) => { table.dropColumn('forward_scheme');
table.dropColumn("forward_scheme");
}) })
.then(() => { .then(function () {
logger.info(`[${migrateName}] redirection_host Table altered`); logger.info('[' + migrate_name + '] redirection_host Table altered');
}); });
}; };
export { up, down };

36
backend/migrations/20210210154703_redirection_status_code.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'redirection_status_code';
const logger = require('../logger').migrate;
const migrateName = "redirection_status_code";
/** /**
* Migrate * Migrate
@@ -8,17 +7,18 @@ const migrateName = "redirection_status_code";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`);
return knex.schema logger.info('[' + migrate_name + '] Migrating Up...');
.table("redirection_host", (table) => {
table.integer("forward_http_code").notNull().unsigned().defaultTo(302); return knex.schema.table('redirection_host', (table) => {
table.integer('forward_http_code').notNull().unsigned().defaultTo(302);
}) })
.then(() => { .then(function () {
logger.info(`[${migrateName}] redirection_host Table altered`); logger.info('[' + migrate_name + '] redirection_host Table altered');
}); });
}; };
@@ -26,18 +26,16 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (knex) => { exports.down = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Down...`); logger.info('[' + migrate_name + '] Migrating Down...');
return knex.schema return knex.schema.table('redirection_host', (table) => {
.table("redirection_host", (table) => { table.dropColumn('forward_http_code');
table.dropColumn("forward_http_code");
}) })
.then(() => { .then(function () {
logger.info(`[${migrateName}] redirection_host Table altered`); logger.info('[' + migrate_name + '] redirection_host Table altered');
}); });
}; };
export { up, down };

35
backend/migrations/20210423103500_stream_domain.js
View File

@@ -1,6 +1,5 @@
import { migrate as logger } from "../logger.js"; const migrate_name = 'stream_domain';
const logger = require('../logger').migrate;
const migrateName = "stream_domain";
/** /**
* Migrate * Migrate
@@ -8,17 +7,17 @@ const migrateName = "stream_domain";
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema return knex.schema.table('stream', (table) => {
.table("stream", (table) => { table.renameColumn('forward_ip', 'forwarding_host');
table.renameColumn("forward_ip", "forwarding_host");
}) })
.then(() => { .then(function () {
logger.info(`[${migrateName}] stream Table altered`); logger.info('[' + migrate_name + '] stream Table altered');
}); });
}; };
@@ -26,18 +25,16 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (knex) => { exports.down = function (knex/*, Promise*/) {
logger.info(`[${migrateName}] Migrating Down...`); logger.info('[' + migrate_name + '] Migrating Down...');
return knex.schema return knex.schema.table('stream', (table) => {
.table("stream", (table) => { table.renameColumn('forwarding_host', 'forward_ip');
table.renameColumn("forwarding_host", "forward_ip");
}) })
.then(() => { .then(function () {
logger.info(`[${migrateName}] stream Table altered`); logger.info('[' + migrate_name + '] stream Table altered');
}); });
}; };
export { up, down };

26
backend/migrations/20211108145214_regenerate_default_host.js
View File

@@ -1,19 +1,17 @@
import internalNginx from "../internal/nginx.js"; const migrate_name = 'stream_domain';
import { migrate as logger } from "../logger.js"; const logger = require('../logger').migrate;
const internalNginx = require('../internal/nginx');
const migrateName = "stream_domain";
async function regenerateDefaultHost(knex) { async function regenerateDefaultHost(knex) {
const row = await knex("setting").select("*").where("id", "default-site").first(); const row = await knex('setting').select('*').where('id', 'default-site').first();
if (!row) { if (!row) {
return Promise.resolve(); return Promise.resolve();
} }
return internalNginx return internalNginx.deleteConfig('default')
.deleteConfig("default")
.then(() => { .then(() => {
return internalNginx.generateConfig("default", row); return internalNginx.generateConfig('default', row);
}) })
.then(() => { .then(() => {
return internalNginx.test(); return internalNginx.test();
@@ -29,10 +27,11 @@ async function regenerateDefaultHost(knex) {
* @see http://knexjs.org/#Schema * @see http://knexjs.org/#Schema
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const up = (knex) => { exports.up = function (knex) {
logger.info(`[${migrateName}] Migrating Up...`); logger.info('[' + migrate_name + '] Migrating Up...');
return regenerateDefaultHost(knex); return regenerateDefaultHost(knex);
}; };
@@ -41,12 +40,11 @@ const up = (knex) => {
* Undo Migrate * Undo Migrate
* *
* @param {Object} knex * @param {Object} knex
* @param {Promise} Promise
* @returns {Promise} * @returns {Promise}
*/ */
const down = (knex) => { exports.down = function (knex) {
logger.info(`[${migrateName}] Migrating Down...`); logger.info('[' + migrate_name + '] Migrating Down...');
return regenerateDefaultHost(knex); return regenerateDefaultHost(knex);
}; };
export { up, down };

43
backend/migrations/20240427161436_stream_ssl.js
View File

@@ -1,43 +0,0 @@
import { migrate as logger } from "../logger.js";
const migrateName = "stream_ssl";
/**
* Migrate
*
* @see http://knexjs.org/#Schema
*
* @param {Object} knex
* @returns {Promise}
*/
const up = (knex) => {
logger.info(`[${migrateName}] Migrating Up...`);
return knex.schema
.table("stream", (table) => {
table.integer("certificate_id").notNull().unsigned().defaultTo(0);
})
.then(() => {
logger.info(`[${migrateName}] stream Table altered`);
});
};
/**
* Undo Migrate
*
* @param {Object} knex
* @returns {Promise}
*/
const down = (knex) => {
logger.info(`[${migrateName}] Migrating Down...`);
return knex.schema
.table("stream", (table) => {
table.dropColumn("certificate_id");
})
.then(() => {
logger.info(`[${migrateName}] stream Table altered`);
});
};
export { up, down };

34
backend/migrations/20241209025008_client_max_body_size.js Normal file
View File

@@ -0,0 +1,34 @@
const migrate_name = 'client_max_body_size';
const logger = require('../logger').migrate;
/**
* Migrate
*
* @see http://knexjs.org/#Schema
*
* @param {Object} knex
* @param {Promise} Promise
* @returns {Promise}
*/
exports.up = function (knex/*, Promise*/) {
logger.info('[' + migrate_name + '] Migrating Up...');
return knex.schema.table('proxy_host', function (proxy_host) {
proxy_host.integer('client_max_body_size').notNull().unsigned().defaultTo('1');
})
.then(() => {
logger.info('[' + migrate_name + '] proxy_host Table altered');
});
};
/**
* Undo Migrate
*
* @param {Object} knex
* @param {Promise} Promise
* @returns {Promise}
*/
exports.down = function (knex, Promise) {
logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
return Promise.resolve(true);
};

89
backend/models/access_list.js
View File

@@ -1,98 +1,103 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const helpers = require('../lib/helpers');
import { convertBoolFieldsToInt, convertIntFieldsToBool } from "../lib/helpers.js"; const Model = require('objection').Model;
import AccessListAuth from "./access_list_auth.js"; const User = require('./user');
import AccessListClient from "./access_list_client.js"; const AccessListAuth = require('./access_list_auth');
import now from "./now_helper.js"; const AccessListClient = require('./access_list_client');
import ProxyHostModel from "./proxy_host.js"; const now = require('./now_helper');
import User from "./user.js";
Model.knex(db); Model.knex(db);
const boolFields = ["is_deleted", "satisfy_any", "pass_auth"]; const boolFields = [
'is_deleted',
'satisfy_any',
'pass_auth',
];
class AccessList extends Model { class AccessList extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
} }
$parseDatabaseJson(json) { $parseDatabaseJson(json) {
const thisJson = super.$parseDatabaseJson(json); json = super.$parseDatabaseJson(json);
return convertIntFieldsToBool(thisJson, boolFields); return helpers.convertIntFieldsToBool(json, boolFields);
} }
$formatDatabaseJson(json) { $formatDatabaseJson(json) {
const thisJson = convertBoolFieldsToInt(json, boolFields); json = helpers.convertBoolFieldsToInt(json, boolFields);
return super.$formatDatabaseJson(thisJson); return super.$formatDatabaseJson(json);
} }
static get name() { static get name () {
return "AccessList"; return 'AccessList';
} }
static get tableName() { static get tableName () {
return "access_list"; return 'access_list';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["meta"]; return ['meta'];
} }
static get relationMappings() { static get relationMappings () {
const ProxyHost = require('./proxy_host');
return { return {
owner: { owner: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: User, modelClass: User,
join: { join: {
from: "access_list.owner_user_id", from: 'access_list.owner_user_id',
to: "user.id", to: 'user.id'
},
modify: (qb) => {
qb.where("user.is_deleted", 0);
}, },
modify: function (qb) {
qb.where('user.is_deleted', 0);
}
}, },
items: { items: {
relation: Model.HasManyRelation, relation: Model.HasManyRelation,
modelClass: AccessListAuth, modelClass: AccessListAuth,
join: { join: {
from: "access_list.id", from: 'access_list.id',
to: "access_list_auth.access_list_id", to: 'access_list_auth.access_list_id'
}, }
}, },
clients: { clients: {
relation: Model.HasManyRelation, relation: Model.HasManyRelation,
modelClass: AccessListClient, modelClass: AccessListClient,
join: { join: {
from: "access_list.id", from: 'access_list.id',
to: "access_list_client.access_list_id", to: 'access_list_client.access_list_id'
}, }
}, },
proxy_hosts: { proxy_hosts: {
relation: Model.HasManyRelation, relation: Model.HasManyRelation,
modelClass: ProxyHostModel, modelClass: ProxyHost,
join: { join: {
from: "access_list.id", from: 'access_list.id',
to: "proxy_host.access_list_id", to: 'proxy_host.access_list_id'
},
modify: (qb) => {
qb.where("proxy_host.is_deleted", 0);
},
}, },
modify: function (qb) {
qb.where('proxy_host.is_deleted', 0);
}
}
}; };
} }
} }
export default AccessList; module.exports = AccessList;

43
backend/models/access_list_auth.js
View File

@@ -1,55 +1,54 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const Model = require('objection').Model;
import accessListModel from "./access_list.js"; const now = require('./now_helper');
import now from "./now_helper.js";
Model.knex(db); Model.knex(db);
class AccessListAuth extends Model { class AccessListAuth extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
} }
static get name() { static get name () {
return "AccessListAuth"; return 'AccessListAuth';
} }
static get tableName() { static get tableName () {
return "access_list_auth"; return 'access_list_auth';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["meta"]; return ['meta'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
access_list: { access_list: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: accessListModel, modelClass: require('./access_list'),
join: { join: {
from: "access_list_auth.access_list_id", from: 'access_list_auth.access_list_id',
to: "access_list.id", to: 'access_list.id'
},
modify: (qb) => {
qb.where("access_list.is_deleted", 0);
},
}, },
modify: function (qb) {
qb.where('access_list.is_deleted', 0);
}
}
}; };
} }
} }
export default AccessListAuth; module.exports = AccessListAuth;

43
backend/models/access_list_client.js
View File

@@ -1,55 +1,54 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const Model = require('objection').Model;
import accessListModel from "./access_list.js"; const now = require('./now_helper');
import now from "./now_helper.js";
Model.knex(db); Model.knex(db);
class AccessListClient extends Model { class AccessListClient extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
} }
static get name() { static get name () {
return "AccessListClient"; return 'AccessListClient';
} }
static get tableName() { static get tableName () {
return "access_list_client"; return 'access_list_client';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["meta"]; return ['meta'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
access_list: { access_list: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: accessListModel, modelClass: require('./access_list'),
join: { join: {
from: "access_list_client.access_list_id", from: 'access_list_client.access_list_id',
to: "access_list.id", to: 'access_list.id'
},
modify: (qb) => {
qb.where("access_list.is_deleted", 0);
},
}, },
modify: function (qb) {
qb.where('access_list.is_deleted', 0);
}
}
}; };
} }
} }
export default AccessListClient; module.exports = AccessListClient;

38
backend/models/audit-log.js
View File

@@ -1,52 +1,52 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const Model = require('objection').Model;
import now from "./now_helper.js"; const User = require('./user');
import User from "./user.js"; const now = require('./now_helper');
Model.knex(db); Model.knex(db);
class AuditLog extends Model { class AuditLog extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
} }
static get name() { static get name () {
return "AuditLog"; return 'AuditLog';
} }
static get tableName() { static get tableName () {
return "audit_log"; return 'audit_log';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["meta"]; return ['meta'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
user: { user: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: User, modelClass: User,
join: { join: {
from: "audit_log.user_id", from: 'audit_log.user_id',
to: "user.id", to: 'user.id'
}, }
}, }
}; };
} }
} }
export default AuditLog; module.exports = AuditLog;

70
backend/models/auth.js
View File

@@ -1,21 +1,27 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import bcrypt from "bcrypt"; const bcrypt = require('bcrypt');
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const helpers = require('../lib/helpers');
import { convertBoolFieldsToInt, convertIntFieldsToBool } from "../lib/helpers.js"; const Model = require('objection').Model;
import now from "./now_helper.js"; const User = require('./user');
import User from "./user.js"; const now = require('./now_helper');
Model.knex(db); Model.knex(db);
const boolFields = ["is_deleted"]; const boolFields = [
'is_deleted',
];
function encryptPassword() { function encryptPassword () {
if (this.type === "password" && this.secret) { /* jshint -W040 */
return bcrypt.hash(this.secret, 13).then((hash) => { let _this = this;
this.secret = hash;
if (_this.type === 'password' && _this.secret) {
return bcrypt.hash(_this.secret, 13)
.then(function (hash) {
_this.secret = hash;
}); });
} }
@@ -23,31 +29,31 @@ function encryptPassword() {
} }
class Auth extends Model { class Auth extends Model {
$beforeInsert(queryContext) { $beforeInsert (queryContext) {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
return encryptPassword.apply(this, queryContext); return encryptPassword.apply(this, queryContext);
} }
$beforeUpdate(queryContext) { $beforeUpdate (queryContext) {
this.modified_on = now(); this.modified_on = now();
return encryptPassword.apply(this, queryContext); return encryptPassword.apply(this, queryContext);
} }
$parseDatabaseJson(json) { $parseDatabaseJson(json) {
const thisJson = super.$parseDatabaseJson(json); json = super.$parseDatabaseJson(json);
return convertIntFieldsToBool(thisJson, boolFields); return helpers.convertIntFieldsToBool(json, boolFields);
} }
$formatDatabaseJson(json) { $formatDatabaseJson(json) {
const thisJson = convertBoolFieldsToInt(json, boolFields); json = helpers.convertBoolFieldsToInt(json, boolFields);
return super.$formatDatabaseJson(thisJson); return super.$formatDatabaseJson(json);
} }
/** /**
@@ -56,37 +62,37 @@ class Auth extends Model {
* @param {String} password * @param {String} password
* @returns {Promise} * @returns {Promise}
*/ */
verifyPassword(password) { verifyPassword (password) {
return bcrypt.compare(password, this.secret); return bcrypt.compare(password, this.secret);
} }
static get name() { static get name () {
return "Auth"; return 'Auth';
} }
static get tableName() { static get tableName () {
return "auth"; return 'auth';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["meta"]; return ['meta'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
user: { user: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: User, modelClass: User,
join: { join: {
from: "auth.user_id", from: 'auth.user_id',
to: "user.id", to: 'user.id'
}, },
filter: { filter: {
is_deleted: 0, is_deleted: 0
}, }
}, }
}; };
} }
} }
export default Auth; module.exports = Auth;

112
backend/models/certificate.js
View File

@@ -1,133 +1,87 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const helpers = require('../lib/helpers');
import { convertBoolFieldsToInt, convertIntFieldsToBool } from "../lib/helpers.js"; const Model = require('objection').Model;
import deadHostModel from "./dead_host.js"; const User = require('./user');
import now from "./now_helper.js"; const now = require('./now_helper');
import proxyHostModel from "./proxy_host.js";
import redirectionHostModel from "./redirection_host.js";
import streamModel from "./stream.js";
import userModel from "./user.js";
Model.knex(db); Model.knex(db);
const boolFields = ["is_deleted"]; const boolFields = [
'is_deleted',
];
class Certificate extends Model { class Certificate extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for expires_on // Default for expires_on
if (typeof this.expires_on === "undefined") { if (typeof this.expires_on === 'undefined') {
this.expires_on = now(); this.expires_on = now();
} }
// Default for domain_names // Default for domain_names
if (typeof this.domain_names === "undefined") { if (typeof this.domain_names === 'undefined') {
this.domain_names = []; this.domain_names = [];
} }
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
this.domain_names.sort(); this.domain_names.sort();
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
// Sort domain_names // Sort domain_names
if (typeof this.domain_names !== "undefined") { if (typeof this.domain_names !== 'undefined') {
this.domain_names.sort(); this.domain_names.sort();
} }
} }
$parseDatabaseJson(json) { $parseDatabaseJson(json) {
const thisJson = super.$parseDatabaseJson(json); json = super.$parseDatabaseJson(json);
return convertIntFieldsToBool(thisJson, boolFields); return helpers.convertIntFieldsToBool(json, boolFields);
} }
$formatDatabaseJson(json) { $formatDatabaseJson(json) {
const thisJson = convertBoolFieldsToInt(json, boolFields); json = helpers.convertBoolFieldsToInt(json, boolFields);
return super.$formatDatabaseJson(thisJson); return super.$formatDatabaseJson(json);
} }
static get name() { static get name () {
return "Certificate"; return 'Certificate';
} }
static get tableName() { static get tableName () {
return "certificate"; return 'certificate';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["domain_names", "meta"]; return ['domain_names', 'meta'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
owner: { owner: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: userModel, modelClass: User,
join: { join: {
from: "certificate.owner_user_id", from: 'certificate.owner_user_id',
to: "user.id", to: 'user.id'
},
modify: (qb) => {
qb.where("user.is_deleted", 0);
},
},
proxy_hosts: {
relation: Model.HasManyRelation,
modelClass: proxyHostModel,
join: {
from: "certificate.id",
to: "proxy_host.certificate_id",
},
modify: (qb) => {
qb.where("proxy_host.is_deleted", 0);
},
},
dead_hosts: {
relation: Model.HasManyRelation,
modelClass: deadHostModel,
join: {
from: "certificate.id",
to: "dead_host.certificate_id",
},
modify: (qb) => {
qb.where("dead_host.is_deleted", 0);
},
},
redirection_hosts: {
relation: Model.HasManyRelation,
modelClass: redirectionHostModel,
join: {
from: "certificate.id",
to: "redirection_host.certificate_id",
},
modify: (qb) => {
qb.where("redirection_host.is_deleted", 0);
},
},
streams: {
relation: Model.HasManyRelation,
modelClass: streamModel,
join: {
from: "certificate.id",
to: "stream.certificate_id",
},
modify: (qb) => {
qb.where("stream.is_deleted", 0);
},
}, },
modify: function (qb) {
qb.where('user.is_deleted', 0);
}
}
}; };
} }
} }
export default Certificate; module.exports = Certificate;

73
backend/models/dead_host.js
View File

@@ -1,92 +1,95 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const helpers = require('../lib/helpers');
import { convertBoolFieldsToInt, convertIntFieldsToBool } from "../lib/helpers.js"; const Model = require('objection').Model;
import Certificate from "./certificate.js"; const User = require('./user');
import now from "./now_helper.js"; const Certificate = require('./certificate');
import User from "./user.js"; const now = require('./now_helper');
Model.knex(db); Model.knex(db);
const boolFields = ["is_deleted", "ssl_forced", "http2_support", "enabled", "hsts_enabled", "hsts_subdomains"]; const boolFields = [
'is_deleted',
'enabled',
];
class DeadHost extends Model { class DeadHost extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for domain_names // Default for domain_names
if (typeof this.domain_names === "undefined") { if (typeof this.domain_names === 'undefined') {
this.domain_names = []; this.domain_names = [];
} }
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
this.domain_names.sort(); this.domain_names.sort();
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
// Sort domain_names // Sort domain_names
if (typeof this.domain_names !== "undefined") { if (typeof this.domain_names !== 'undefined') {
this.domain_names.sort(); this.domain_names.sort();
} }
} }
$parseDatabaseJson(json) { $parseDatabaseJson(json) {
const thisJson = super.$parseDatabaseJson(json); json = super.$parseDatabaseJson(json);
return convertIntFieldsToBool(thisJson, boolFields); return helpers.convertIntFieldsToBool(json, boolFields);
} }
$formatDatabaseJson(json) { $formatDatabaseJson(json) {
const thisJson = convertBoolFieldsToInt(json, boolFields); json = helpers.convertBoolFieldsToInt(json, boolFields);
return super.$formatDatabaseJson(thisJson); return super.$formatDatabaseJson(json);
} }
static get name() { static get name () {
return "DeadHost"; return 'DeadHost';
} }
static get tableName() { static get tableName () {
return "dead_host"; return 'dead_host';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["domain_names", "meta"]; return ['domain_names', 'meta'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
owner: { owner: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: User, modelClass: User,
join: { join: {
from: "dead_host.owner_user_id", from: 'dead_host.owner_user_id',
to: "user.id", to: 'user.id'
},
modify: (qb) => {
qb.where("user.is_deleted", 0);
}, },
modify: function (qb) {
qb.where('user.is_deleted', 0);
}
}, },
certificate: { certificate: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: Certificate, modelClass: Certificate,
join: { join: {
from: "dead_host.certificate_id", from: 'dead_host.certificate_id',
to: "certificate.id", to: 'certificate.id'
},
modify: (qb) => {
qb.where("certificate.is_deleted", 0);
},
}, },
modify: function (qb) {
qb.where('certificate.is_deleted', 0);
}
}
}; };
} }
} }
export default DeadHost; module.exports = DeadHost;

13
backend/models/now_helper.js
View File

@@ -1,12 +1,13 @@
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const config = require('../lib/config');
import { isSqlite } from "../lib/config.js"; const Model = require('objection').Model;
Model.knex(db); Model.knex(db);
export default () => { module.exports = function () {
if (isSqlite()) { if (config.isSqlite()) {
// eslint-disable-next-line
return Model.raw("datetime('now','localtime')"); return Model.raw("datetime('now','localtime')");
} }
return Model.raw("NOW()"); return Model.raw('NOW()');
}; };

98
backend/models/proxy_host.js
View File

@@ -1,114 +1,114 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const helpers = require('../lib/helpers');
import { convertBoolFieldsToInt, convertIntFieldsToBool } from "../lib/helpers.js"; const Model = require('objection').Model;
import AccessList from "./access_list.js"; const User = require('./user');
import Certificate from "./certificate.js"; const AccessList = require('./access_list');
import now from "./now_helper.js"; const Certificate = require('./certificate');
import User from "./user.js"; const now = require('./now_helper');
Model.knex(db); Model.knex(db);
const boolFields = [ const boolFields = [
"is_deleted", 'is_deleted',
"ssl_forced", 'ssl_forced',
"caching_enabled", 'caching_enabled',
"block_exploits", 'block_exploits',
"allow_websocket_upgrade", 'allow_websocket_upgrade',
"http2_support", 'http2_support',
"enabled", 'enabled',
"hsts_enabled", 'hsts_enabled',
"hsts_subdomains", 'hsts_subdomains',
]; ];
class ProxyHost extends Model { class ProxyHost extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for domain_names // Default for domain_names
if (typeof this.domain_names === "undefined") { if (typeof this.domain_names === 'undefined') {
this.domain_names = []; this.domain_names = [];
} }
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
this.domain_names.sort(); this.domain_names.sort();
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
// Sort domain_names // Sort domain_names
if (typeof this.domain_names !== "undefined") { if (typeof this.domain_names !== 'undefined') {
this.domain_names.sort(); this.domain_names.sort();
} }
} }
$parseDatabaseJson(json) { $parseDatabaseJson(json) {
const thisJson = super.$parseDatabaseJson(json); json = super.$parseDatabaseJson(json);
return convertIntFieldsToBool(thisJson, boolFields); return helpers.convertIntFieldsToBool(json, boolFields);
} }
$formatDatabaseJson(json) { $formatDatabaseJson(json) {
const thisJson = convertBoolFieldsToInt(json, boolFields); json = helpers.convertBoolFieldsToInt(json, boolFields);
return super.$formatDatabaseJson(thisJson); return super.$formatDatabaseJson(json);
} }
static get name() { static get name () {
return "ProxyHost"; return 'ProxyHost';
} }
static get tableName() { static get tableName () {
return "proxy_host"; return 'proxy_host';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["domain_names", "meta", "locations"]; return ['domain_names', 'meta', 'locations'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
owner: { owner: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: User, modelClass: User,
join: { join: {
from: "proxy_host.owner_user_id", from: 'proxy_host.owner_user_id',
to: "user.id", to: 'user.id'
},
modify: (qb) => {
qb.where("user.is_deleted", 0);
}, },
modify: function (qb) {
qb.where('user.is_deleted', 0);
}
}, },
access_list: { access_list: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: AccessList, modelClass: AccessList,
join: { join: {
from: "proxy_host.access_list_id", from: 'proxy_host.access_list_id',
to: "access_list.id", to: 'access_list.id'
},
modify: (qb) => {
qb.where("access_list.is_deleted", 0);
}, },
modify: function (qb) {
qb.where('access_list.is_deleted', 0);
}
}, },
certificate: { certificate: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: Certificate, modelClass: Certificate,
join: { join: {
from: "proxy_host.certificate_id", from: 'proxy_host.certificate_id',
to: "certificate.id", to: 'certificate.id'
},
modify: (qb) => {
qb.where("certificate.is_deleted", 0);
},
}, },
modify: function (qb) {
qb.where('certificate.is_deleted', 0);
}
}
}; };
} }
} }
export default ProxyHost; module.exports = ProxyHost;

82
backend/models/redirection_host.js
View File

@@ -1,101 +1,99 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const helpers = require('../lib/helpers');
import { convertBoolFieldsToInt, convertIntFieldsToBool } from "../lib/helpers.js"; const Model = require('objection').Model;
import Certificate from "./certificate.js"; const User = require('./user');
import now from "./now_helper.js"; const Certificate = require('./certificate');
import User from "./user.js"; const now = require('./now_helper');
Model.knex(db); Model.knex(db);
const boolFields = [ const boolFields = [
"is_deleted", 'is_deleted',
"enabled", 'enabled',
"preserve_path", 'preserve_path',
"ssl_forced", 'ssl_forced',
"block_exploits", 'block_exploits',
"hsts_enabled",
"hsts_subdomains",
"http2_support",
]; ];
class RedirectionHost extends Model { class RedirectionHost extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for domain_names // Default for domain_names
if (typeof this.domain_names === "undefined") { if (typeof this.domain_names === 'undefined') {
this.domain_names = []; this.domain_names = [];
} }
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
this.domain_names.sort(); this.domain_names.sort();
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
// Sort domain_names // Sort domain_names
if (typeof this.domain_names !== "undefined") { if (typeof this.domain_names !== 'undefined') {
this.domain_names.sort(); this.domain_names.sort();
} }
} }
$parseDatabaseJson(json) { $parseDatabaseJson(json) {
const thisJson = super.$parseDatabaseJson(json); json = super.$parseDatabaseJson(json);
return convertIntFieldsToBool(thisJson, boolFields); return helpers.convertIntFieldsToBool(json, boolFields);
} }
$formatDatabaseJson(json) { $formatDatabaseJson(json) {
const thisJson = convertBoolFieldsToInt(json, boolFields); json = helpers.convertBoolFieldsToInt(json, boolFields);
return super.$formatDatabaseJson(thisJson); return super.$formatDatabaseJson(json);
} }
static get name() { static get name () {
return "RedirectionHost"; return 'RedirectionHost';
} }
static get tableName() { static get tableName () {
return "redirection_host"; return 'redirection_host';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["domain_names", "meta"]; return ['domain_names', 'meta'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
owner: { owner: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: User, modelClass: User,
join: { join: {
from: "redirection_host.owner_user_id", from: 'redirection_host.owner_user_id',
to: "user.id", to: 'user.id'
},
modify: (qb) => {
qb.where("user.is_deleted", 0);
}, },
modify: function (qb) {
qb.where('user.is_deleted', 0);
}
}, },
certificate: { certificate: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: Certificate, modelClass: Certificate,
join: { join: {
from: "redirection_host.certificate_id", from: 'redirection_host.certificate_id',
to: "certificate.id", to: 'certificate.id'
},
modify: (qb) => {
qb.where("certificate.is_deleted", 0);
},
}, },
modify: function (qb) {
qb.where('certificate.is_deleted', 0);
}
}
}; };
} }
} }
export default RedirectionHost; module.exports = RedirectionHost;

6
backend/models/setting.js
View File

@@ -1,8 +1,8 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const Model = require('objection').Model;
Model.knex(db); Model.knex(db);
@@ -27,4 +27,4 @@ class Setting extends Model {
} }
} }
export default Setting; module.exports = Setting;

73
backend/models/stream.js
View File

@@ -1,77 +1,72 @@
import { Model } from "objection"; // Objection Docs:
import db from "../db.js"; // http://vincit.github.io/objection.js/
import { convertBoolFieldsToInt, convertIntFieldsToBool } from "../lib/helpers.js";
import Certificate from "./certificate.js"; const db = require('../db');
import now from "./now_helper.js"; const helpers = require('../lib/helpers');
import User from "./user.js"; const Model = require('objection').Model;
const User = require('./user');
const now = require('./now_helper');
Model.knex(db); Model.knex(db);
const boolFields = ["is_deleted", "enabled", "tcp_forwarding", "udp_forwarding"]; const boolFields = [
'is_deleted',
'tcp_forwarding',
'udp_forwarding',
];
class Stream extends Model { class Stream extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for meta // Default for meta
if (typeof this.meta === "undefined") { if (typeof this.meta === 'undefined') {
this.meta = {}; this.meta = {};
} }
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
} }
$parseDatabaseJson(json) { $parseDatabaseJson(json) {
const thisJson = super.$parseDatabaseJson(json); json = super.$parseDatabaseJson(json);
return convertIntFieldsToBool(thisJson, boolFields); return helpers.convertIntFieldsToBool(json, boolFields);
} }
$formatDatabaseJson(json) { $formatDatabaseJson(json) {
const thisJson = convertBoolFieldsToInt(json, boolFields); json = helpers.convertBoolFieldsToInt(json, boolFields);
return super.$formatDatabaseJson(thisJson); return super.$formatDatabaseJson(json);
} }
static get name() { static get name () {
return "Stream"; return 'Stream';
} }
static get tableName() { static get tableName () {
return "stream"; return 'stream';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["meta"]; return ['meta'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
owner: { owner: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: User, modelClass: User,
join: { join: {
from: "stream.owner_user_id", from: 'stream.owner_user_id',
to: "user.id", to: 'user.id'
},
modify: (qb) => {
qb.where("user.is_deleted", 0);
},
},
certificate: {
relation: Model.HasOneRelation,
modelClass: Certificate,
join: {
from: "stream.certificate_id",
to: "certificate.id",
},
modify: (qb) => {
qb.where("certificate.is_deleted", 0);
},
}, },
modify: function (qb) {
qb.where('user.is_deleted', 0);
}
}
}; };
} }
} }
export default Stream; module.exports = Stream;

97
backend/models/token.js
View File

@@ -3,17 +3,17 @@
and then has abilities after that. and then has abilities after that.
*/ */
import crypto from "node:crypto"; const _ = require('lodash');
import jwt from "jsonwebtoken"; const jwt = require('jsonwebtoken');
import _ from "lodash"; const crypto = require('crypto');
import { getPrivateKey, getPublicKey } from "../lib/config.js"; const config = require('../lib/config');
import errs from "../lib/error.js"; const error = require('../lib/error');
import { global as logger } from "../logger.js"; const logger = require('../logger').global;
const ALGO = 'RS256';
const ALGO = "RS256"; module.exports = function () {
export default () => { let token_data = {};
let tokenData = {};
const self = { const self = {
/** /**
@@ -21,26 +21,28 @@ export default () => {
* @returns {Promise} * @returns {Promise}
*/ */
create: (payload) => { create: (payload) => {
if (!getPrivateKey()) { if (!config.getPrivateKey()) {
logger.error("Private key is empty!"); logger.error('Private key is empty!');
} }
// sign with RSA SHA256 // sign with RSA SHA256
const options = { const options = {
algorithm: ALGO, algorithm: ALGO,
expiresIn: payload.expiresIn || "1d", expiresIn: payload.expiresIn || '1d'
}; };
payload.jti = crypto.randomBytes(12).toString("base64").substring(-8); payload.jti = crypto.randomBytes(12)
.toString('base64')
.substring(-8);
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
jwt.sign(payload, getPrivateKey(), options, (err, token) => { jwt.sign(payload, config.getPrivateKey(), options, (err, token) => {
if (err) { if (err) {
reject(err); reject(err);
} else { } else {
tokenData = payload; token_data = payload;
resolve({ resolve({
token: token, token: token,
payload: payload, payload: payload
}); });
} }
}); });
@@ -51,47 +53,42 @@ export default () => {
* @param {String} token * @param {String} token
* @returns {Promise} * @returns {Promise}
*/ */
load: (token) => { load: function (token) {
if (!getPublicKey()) { if (!config.getPublicKey()) {
logger.error("Public key is empty!"); logger.error('Public key is empty!');
} }
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
try { try {
if (!token || token === null || token === "null") { if (!token || token === null || token === 'null') {
reject(new errs.AuthError("Empty token")); reject(new error.AuthError('Empty token'));
} else { } else {
jwt.verify( jwt.verify(token, config.getPublicKey(), {ignoreExpiration: false, algorithms: [ALGO]}, (err, result) => {
token,
getPublicKey(),
{ ignoreExpiration: false, algorithms: [ALGO] },
(err, result) => {
if (err) { if (err) {
if (err.name === "TokenExpiredError") {
reject(new errs.AuthError("Token has expired", err)); if (err.name === 'TokenExpiredError') {
reject(new error.AuthError('Token has expired', err));
} else { } else {
reject(err); reject(err);
} }
} else { } else {
tokenData = result; token_data = result;
// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'. // Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
// For 30 days at least, we need to replace 'all' with user. // For 30 days at least, we need to replace 'all' with user.
if ( if ((typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'all') !== -1)) {
typeof tokenData.scope !== "undefined" && token_data.scope = ['user'];
_.indexOf(tokenData.scope, "all") !== -1
) {
tokenData.scope = ["user"];
} }
resolve(tokenData); resolve(token_data);
} }
}, });
);
} }
} catch (err) { } catch (err) {
reject(err); reject(err);
} }
}); });
}, },
/** /**
@@ -100,15 +97,17 @@ export default () => {
* @param {String} scope * @param {String} scope
* @returns {Boolean} * @returns {Boolean}
*/ */
hasScope: (scope) => typeof tokenData.scope !== "undefined" && _.indexOf(tokenData.scope, scope) !== -1, hasScope: function (scope) {
return typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, scope) !== -1;
},
/** /**
* @param {String} key * @param {String} key
* @return {*} * @return {*}
*/ */
get: (key) => { get: function (key) {
if (typeof tokenData[key] !== "undefined") { if (typeof token_data[key] !== 'undefined') {
return tokenData[key]; return token_data[key];
} }
return null; return null;
@@ -118,22 +117,22 @@ export default () => {
* @param {String} key * @param {String} key
* @param {*} value * @param {*} value
*/ */
set: (key, value) => { set: function (key, value) {
tokenData[key] = value; token_data[key] = value;
}, },
/** /**
* @param [defaultValue] * @param [default_value]
* @returns {Integer} * @returns {Integer}
*/ */
getUserId: (defaultValue) => { getUserId: (default_value) => {
const attrs = self.get("attrs"); const attrs = self.get('attrs');
if (attrs?.id) { if (attrs && typeof attrs.id !== 'undefined' && attrs.id) {
return attrs.id; return attrs.id;
} }
return defaultValue || 0; return default_value || 0;
}, }
}; };
return self; return self;

54
backend/models/user.js
View File

@@ -1,65 +1,69 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const helpers = require('../lib/helpers');
import { convertBoolFieldsToInt, convertIntFieldsToBool } from "../lib/helpers.js"; const Model = require('objection').Model;
import now from "./now_helper.js"; const UserPermission = require('./user_permission');
import UserPermission from "./user_permission.js"; const now = require('./now_helper');
Model.knex(db); Model.knex(db);
const boolFields = ["is_deleted", "is_disabled"]; const boolFields = [
'is_deleted',
'is_disabled',
];
class User extends Model { class User extends Model {
$beforeInsert() { $beforeInsert () {
this.created_on = now(); this.created_on = now();
this.modified_on = now(); this.modified_on = now();
// Default for roles // Default for roles
if (typeof this.roles === "undefined") { if (typeof this.roles === 'undefined') {
this.roles = []; this.roles = [];
} }
} }
$beforeUpdate() { $beforeUpdate () {
this.modified_on = now(); this.modified_on = now();
} }
$parseDatabaseJson(json) { $parseDatabaseJson(json) {
const thisJson = super.$parseDatabaseJson(json); json = super.$parseDatabaseJson(json);
return convertIntFieldsToBool(thisJson, boolFields); return helpers.convertIntFieldsToBool(json, boolFields);
} }
$formatDatabaseJson(json) { $formatDatabaseJson(json) {
const thisJson = convertBoolFieldsToInt(json, boolFields); json = helpers.convertBoolFieldsToInt(json, boolFields);
return super.$formatDatabaseJson(thisJson); return super.$formatDatabaseJson(json);
} }
static get name() { static get name () {
return "User"; return 'User';
} }
static get tableName() { static get tableName () {
return "user"; return 'user';
} }
static get jsonAttributes() { static get jsonAttributes () {
return ["roles"]; return ['roles'];
} }
static get relationMappings() { static get relationMappings () {
return { return {
permissions: { permissions: {
relation: Model.HasOneRelation, relation: Model.HasOneRelation,
modelClass: UserPermission, modelClass: UserPermission,
join: { join: {
from: "user.id", from: 'user.id',
to: "user_permission.user_id", to: 'user_permission.user_id'
}, }
}, }
}; };
} }
} }
export default User; module.exports = User;

8
backend/models/user_permission.js
View File

@@ -1,9 +1,9 @@
// Objection Docs: // Objection Docs:
// http://vincit.github.io/objection.js/ // http://vincit.github.io/objection.js/
import { Model } from "objection"; const db = require('../db');
import db from "../db.js"; const Model = require('objection').Model;
import now from "./now_helper.js"; const now = require('./now_helper');
Model.knex(db); Model.knex(db);
@@ -26,4 +26,4 @@ class UserPermission extends Model {
} }
} }
export default UserPermission; module.exports = UserPermission;

2
backend/nodemon.json
View File

@@ -3,5 +3,5 @@
"ignore": [ "ignore": [
"data" "data"
], ],
"ext": "js json ejs cjs" "ext": "js json ejs"
} }

44
backend/package.json
View File

@@ -1,16 +1,8 @@
{ {
"name": "nginx-proxy-manager", "name": "nginx-proxy-manager",
"version": "2.0.0", "version": "0.0.0",
"description": "A beautiful interface for creating Nginx endpoints", "description": "A beautiful interface for creating Nginx endpoints",
"author": "Jamie Curnow <jc@jc21.com>",
"license": "MIT",
"main": "index.js", "main": "index.js",
"type": "module",
"scripts": {
"lint": "biome lint",
"prettier": "biome format --write .",
"validate-schema": "node validate-schema.js"
},
"dependencies": { "dependencies": {
"@apidevtools/json-schema-ref-parser": "^11.7.0", "@apidevtools/json-schema-ref-parser": "^11.7.0",
"ajv": "^8.17.1", "ajv": "^8.17.1",
@@ -20,30 +12,36 @@
"body-parser": "^1.20.3", "body-parser": "^1.20.3",
"compression": "^1.7.4", "compression": "^1.7.4",
"express": "^4.20.0", "express": "^4.20.0",
"express-fileupload": "^1.5.2", "express-fileupload": "^1.1.9",
"gravatar": "^1.8.2", "gravatar": "^1.8.0",
"jsonwebtoken": "^9.0.2", "jsonwebtoken": "^9.0.0",
"knex": "2.4.2", "knex": "2.4.2",
"liquidjs": "10.6.1", "liquidjs": "10.6.1",
"lodash": "^4.17.21", "lodash": "^4.17.21",
"moment": "^2.30.1", "moment": "^2.29.4",
"mysql2": "^3.15.3", "mysql2": "^3.11.1",
"node-rsa": "^1.1.1", "node-rsa": "^1.0.8",
"objection": "3.0.1", "objection": "3.0.1",
"path": "^0.12.7", "path": "^0.12.7",
"pg": "^8.16.3",
"signale": "1.4.0", "signale": "1.4.0",
"sqlite3": "^5.1.7", "sqlite3": "5.1.6",
"temp-write": "^4.0.0" "temp-write": "^4.0.0"
}, },
"devDependencies": {
"@apidevtools/swagger-parser": "^10.1.0",
"@biomejs/biome": "^2.3.2",
"chalk": "4.1.2",
"nodemon": "^2.0.2"
},
"signale": { "signale": {
"displayDate": true, "displayDate": true,
"displayTimestamp": true "displayTimestamp": true
},
"author": "Jamie Curnow <jc@jc21.com>",
"license": "MIT",
"devDependencies": {
"@apidevtools/swagger-parser": "^10.1.0",
"chalk": "4.1.2",
"eslint": "^8.36.0",
"eslint-plugin-align-assignments": "^1.1.2",
"nodemon": "^2.0.2",
"prettier": "^2.0.4"
},
"scripts": {
"validate-schema": "node validate-schema.js"
} }
} }

103
backend/routes/audit-log.js
View File

@@ -1,20 +1,19 @@
import express from "express"; const express = require('express');
import internalAuditLog from "../internal/audit-log.js"; const validator = require('../lib/validator');
import jwtdecode from "../lib/express/jwt-decode.js"; const jwtdecode = require('../lib/express/jwt-decode');
import validator from "../lib/validator/index.js"; const internalAuditLog = require('../internal/audit-log');
import { express as logger } from "../logger.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/audit-log * /api/audit-log
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -25,83 +24,29 @@ router
* *
* Retrieve all logs * Retrieve all logs
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator(
{
additionalProperties: false, additionalProperties: false,
properties: { properties: {
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, },
query: { query: {
$ref: "common#/properties/query", $ref: 'common#/properties/query'
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalAuditLog.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}); }
}, {
/** expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
* Specific audit log entry query: (typeof req.query.query === 'string' ? req.query.query : null)
*
* /api/audit-log/123
*/
router
.route("/:event_id")
.options((_, res) => {
res.sendStatus(204);
}) })
.all(jwtdecode()) .then((data) => {
return internalAuditLog.getAll(res.locals.access, data.expand, data.query);
/** })
* GET /api/audit-log/123 .then((rows) => {
* res.status(200)
* Retrieve a specific entry .send(rows);
*/ })
.get(async (req, res, next) => { .catch(next);
try {
const data = await validator(
{
required: ["event_id"],
additionalProperties: false,
properties: {
event_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
{
event_id: req.params.event_id,
expand:
typeof req.query.expand === "string"
? req.query.expand.split(",")
: null,
},
);
const item = await internalAuditLog.get(res.locals.access, {
id: data.event_id,
expand: data.expand,
});
res.status(200).send(item);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
export default router; module.exports = router;

71
backend/routes/main.js
View File

@@ -1,66 +1,51 @@
import express from "express"; const express = require('express');
import errs from "../lib/error.js"; const pjson = require('../package.json');
import pjson from "../package.json" with { type: "json" }; const error = require('../lib/error');
import { isSetup } from "../setup.js";
import auditLogRoutes from "./audit-log.js";
import accessListsRoutes from "./nginx/access_lists.js";
import certificatesHostsRoutes from "./nginx/certificates.js";
import deadHostsRoutes from "./nginx/dead_hosts.js";
import proxyHostsRoutes from "./nginx/proxy_hosts.js";
import redirectionHostsRoutes from "./nginx/redirection_hosts.js";
import streamsRoutes from "./nginx/streams.js";
import reportsRoutes from "./reports.js";
import schemaRoutes from "./schema.js";
import settingsRoutes from "./settings.js";
import tokensRoutes from "./tokens.js";
import usersRoutes from "./users.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* Health Check * Health Check
* GET /api * GET /api
*/ */
router.get("/", async (_, res /*, next*/) => { router.get('/', (req, res/*, next*/) => {
const version = pjson.version.split("-").shift().split("."); let version = pjson.version.split('-').shift().split('.');
const setup = await isSetup();
res.status(200).send({ res.status(200).send({
status: "OK", status: 'OK',
setup,
version: { version: {
major: Number.parseInt(version.shift(), 10), major: parseInt(version.shift(), 10),
minor: Number.parseInt(version.shift(), 10), minor: parseInt(version.shift(), 10),
revision: Number.parseInt(version.shift(), 10), revision: parseInt(version.shift(), 10)
}, }
}); });
}); });
router.use("/schema", schemaRoutes); router.use('/schema', require('./schema'));
router.use("/tokens", tokensRoutes); router.use('/tokens', require('./tokens'));
router.use("/users", usersRoutes); router.use('/users', require('./users'));
router.use("/audit-log", auditLogRoutes); router.use('/audit-log', require('./audit-log'));
router.use("/reports", reportsRoutes); router.use('/reports', require('./reports'));
router.use("/settings", settingsRoutes); router.use('/settings', require('./settings'));
router.use("/nginx/proxy-hosts", proxyHostsRoutes); router.use('/nginx/proxy-hosts', require('./nginx/proxy_hosts'));
router.use("/nginx/redirection-hosts", redirectionHostsRoutes); router.use('/nginx/redirection-hosts', require('./nginx/redirection_hosts'));
router.use("/nginx/dead-hosts", deadHostsRoutes); router.use('/nginx/dead-hosts', require('./nginx/dead_hosts'));
router.use("/nginx/streams", streamsRoutes); router.use('/nginx/streams', require('./nginx/streams'));
router.use("/nginx/access-lists", accessListsRoutes); router.use('/nginx/access-lists', require('./nginx/access_lists'));
router.use("/nginx/certificates", certificatesHostsRoutes); router.use('/nginx/certificates', require('./nginx/certificates'));
/** /**
* API 404 for all other routes * API 404 for all other routes
* *
* ALL /api/* * ALL /api/*
*/ */
router.all(/(.+)/, (req, _, next) => { router.all(/(.+)/, function (req, _, next) {
req.params.page = req.params["0"]; req.params.page = req.params['0'];
next(new errs.ItemNotFoundError(req.params.page)); next(new error.ItemNotFoundError(req.params.page));
}); });
export default router; module.exports = router;

162
backend/routes/nginx/access_lists.js
View File

@@ -1,23 +1,22 @@
import express from "express"; const express = require('express');
import internalAccessList from "../../internal/access-list.js"; const validator = require('../../lib/validator');
import jwtdecode from "../../lib/express/jwt-decode.js"; const jwtdecode = require('../../lib/express/jwt-decode');
import apiValidator from "../../lib/validator/api.js"; const apiValidator = require('../../lib/validator/api');
import validator from "../../lib/validator/index.js"; const internalAccessList = require('../../internal/access-list');
import { express as logger } from "../../logger.js"; const schema = require('../../schema');
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/nginx/access-lists * /api/nginx/access-lists
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -27,31 +26,29 @@ router
* *
* Retrieve all access-lists * Retrieve all access-lists
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator(
{
additionalProperties: false, additionalProperties: false,
properties: { properties: {
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, },
query: { query: {
$ref: "common#/properties/query", $ref: 'common#/properties/query'
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalAccessList.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
query: (typeof req.query.query === 'string' ? req.query.query : null)
})
.then((data) => {
return internalAccessList.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200)
.send(rows);
})
.catch(next);
}) })
/** /**
@@ -59,15 +56,16 @@ router
* *
* Create a new access-list * Create a new access-list
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/access-lists', 'post'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/access-lists", "post"), req.body); .then((payload) => {
const result = await internalAccessList.create(res.locals.access, payload); return internalAccessList.create(res.locals.access, payload);
res.status(201).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(201)
next(err); .send(result);
} })
.catch(next);
}); });
/** /**
@@ -76,7 +74,7 @@ router
* /api/nginx/access-lists/123 * /api/nginx/access-lists/123
*/ */
router router
.route("/:list_id") .route('/:list_id')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -87,35 +85,33 @@ router
* *
* Retrieve a specific access-list * Retrieve a specific access-list
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator( required: ['list_id'],
{
required: ["list_id"],
additionalProperties: false, additionalProperties: false,
properties: { properties: {
list_id: { list_id: {
$ref: "common#/properties/id", $ref: 'common#/properties/id'
}, },
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
},
},
},
{
list_id: req.params.list_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalAccessList.get(res.locals.access, {
id: Number.parseInt(data.list_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
list_id: req.params.list_id,
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
})
.then((data) => {
return internalAccessList.get(res.locals.access, {
id: parseInt(data.list_id, 10),
expand: data.expand
});
})
.then((row) => {
res.status(200)
.send(row);
})
.catch(next);
}) })
/** /**
@@ -123,16 +119,17 @@ router
* *
* Update and existing access-list * Update and existing access-list
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/access-lists/{listID}', 'put'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/access-lists/{listID}", "put"), req.body); .then((payload) => {
payload.id = Number.parseInt(req.params.list_id, 10); payload.id = parseInt(req.params.list_id, 10);
const result = await internalAccessList.update(res.locals.access, payload); return internalAccessList.update(res.locals.access, payload);
res.status(200).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(200)
next(err); .send(result);
} })
.catch(next);
}) })
/** /**
@@ -140,16 +137,13 @@ router
* *
* Delete and existing access-list * Delete and existing access-list
*/ */
.delete(async (req, res, next) => { .delete((req, res, next) => {
try { internalAccessList.delete(res.locals.access, {id: parseInt(req.params.list_id, 10)})
const result = await internalAccessList.delete(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.list_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
export default router; module.exports = router;

353
backend/routes/nginx/certificates.js
View File

@@ -1,24 +1,22 @@
import express from "express"; const express = require('express');
import dnsPlugins from "../../certbot/dns-plugins.json" with { type: "json" }; const error = require('../../lib/error');
import internalCertificate from "../../internal/certificate.js"; const validator = require('../../lib/validator');
import errs from "../../lib/error.js"; const jwtdecode = require('../../lib/express/jwt-decode');
import jwtdecode from "../../lib/express/jwt-decode.js"; const apiValidator = require('../../lib/validator/api');
import apiValidator from "../../lib/validator/api.js"; const internalCertificate = require('../../internal/certificate');
import validator from "../../lib/validator/index.js"; const schema = require('../../schema');
import { express as logger } from "../../logger.js";
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/nginx/certificates * /api/nginx/certificates
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -29,38 +27,29 @@ router
* *
* Retrieve all certificates * Retrieve all certificates
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator(
{
additionalProperties: false, additionalProperties: false,
properties: { properties: {
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, },
query: { query: {
$ref: "common#/properties/query", $ref: 'common#/properties/query'
},
},
},
{
expand:
typeof req.query.expand === "string"
? req.query.expand.split(",")
: null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalCertificate.getAll(
res.locals.access,
data.expand,
data.query,
);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
query: (typeof req.query.query === 'string' ? req.query.query : null)
})
.then((data) => {
return internalCertificate.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200)
.send(rows);
})
.catch(next);
}) })
/** /**
@@ -68,56 +57,17 @@ router
* *
* Create a new certificate * Create a new certificate
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/certificates', 'post'), req.body)
const payload = await apiValidator( .then((payload) => {
getValidationSchema("/nginx/certificates", "post"),
req.body,
);
req.setTimeout(900000); // 15 minutes timeout req.setTimeout(900000); // 15 minutes timeout
const result = await internalCertificate.create( return internalCertificate.create(res.locals.access, payload);
res.locals.access,
payload,
);
res.status(201).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
* /api/nginx/certificates/dns-providers
*/
router
.route("/dns-providers")
.options((_, res) => {
res.sendStatus(204);
}) })
.all(jwtdecode()) .then((result) => {
res.status(201)
/** .send(result);
* GET /api/nginx/certificates/dns-providers })
* .catch(next);
* Get list of all supported DNS providers
*/
.get(async (req, res, next) => {
try {
if (!res.locals.access.token.getUserId()) {
throw new errs.PermissionError("Login required");
}
const clean = Object.keys(dnsPlugins).map((key) => ({
id: key,
name: dnsPlugins[key].name,
credentials: dnsPlugins[key].credentials,
}));
clean.sort((a, b) => a.name.localeCompare(b.name));
res.status(200).send(clean);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -126,68 +76,29 @@ router
* /api/nginx/certificates/test-http * /api/nginx/certificates/test-http
*/ */
router router
.route("/test-http") .route('/test-http')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
/** /**
* POST /api/nginx/certificates/test-http * GET /api/nginx/certificates/test-http
* *
* Test HTTP challenge for domains * Test HTTP challenge for domains
*/ */
.post(async (req, res, next) => { .get((req, res, next) => {
try { if (req.query.domains === undefined) {
const payload = await apiValidator( next(new error.ValidationError('Domains are required as query parameters'));
getValidationSchema("/nginx/certificates/test-http", "post"),
req.body,
);
req.setTimeout(60000); // 1 minute timeout
const result = await internalCertificate.testHttpsChallenge(
res.locals.access,
payload,
);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
* Validate Certs before saving
*
* /api/nginx/certificates/validate
*/
router
.route("/validate")
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
/**
* POST /api/nginx/certificates/validate
*
* Validate certificates
*/
.post(async (req, res, next) => {
if (!req.files) {
res.status(400).send({ error: "No files were uploaded" });
return; return;
} }
try { internalCertificate.testHttpsChallenge(res.locals.access, JSON.parse(req.query.domains))
const result = await internalCertificate.validate({ .then((result) => {
files: req.files, res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -196,7 +107,7 @@ router
* /api/nginx/certificates/123 * /api/nginx/certificates/123
*/ */
router router
.route("/:certificate_id") .route('/:certificate_id')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -207,38 +118,33 @@ router
* *
* Retrieve a specific certificate * Retrieve a specific certificate
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator( required: ['certificate_id'],
{
required: ["certificate_id"],
additionalProperties: false, additionalProperties: false,
properties: { properties: {
certificate_id: { certificate_id: {
$ref: "common#/properties/id", $ref: 'common#/properties/id'
}, },
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
},
},
},
{
certificate_id: req.params.certificate_id,
expand:
typeof req.query.expand === "string"
? req.query.expand.split(",")
: null,
},
);
const row = await internalCertificate.get(res.locals.access, {
id: Number.parseInt(data.certificate_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
certificate_id: req.params.certificate_id,
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
})
.then((data) => {
return internalCertificate.get(res.locals.access, {
id: parseInt(data.certificate_id, 10),
expand: data.expand
});
})
.then((row) => {
res.status(200)
.send(row);
})
.catch(next);
}) })
/** /**
@@ -246,16 +152,13 @@ router
* *
* Update and existing certificate * Update and existing certificate
*/ */
.delete(async (req, res, next) => { .delete((req, res, next) => {
try { internalCertificate.delete(res.locals.access, {id: parseInt(req.params.certificate_id, 10)})
const result = await internalCertificate.delete(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.certificate_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -264,7 +167,7 @@ router
* /api/nginx/certificates/123/upload * /api/nginx/certificates/123/upload
*/ */
router router
.route("/:certificate_id/upload") .route('/:certificate_id/upload')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -275,21 +178,20 @@ router
* *
* Upload certificates * Upload certificates
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
if (!req.files) { if (!req.files) {
res.status(400).send({ error: "No files were uploaded" }); res.status(400)
return; .send({error: 'No files were uploaded'});
} } else {
internalCertificate.upload(res.locals.access, {
try { id: parseInt(req.params.certificate_id, 10),
const result = await internalCertificate.upload(res.locals.access, { files: req.files
id: Number.parseInt(req.params.certificate_id, 10), })
files: req.files, .then((result) => {
}); res.status(200)
res.status(200).send(result); .send(result);
} catch (err) { })
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); .catch(next);
next(err);
} }
}); });
@@ -299,7 +201,7 @@ router
* /api/nginx/certificates/123/renew * /api/nginx/certificates/123/renew
*/ */
router router
.route("/:certificate_id/renew") .route('/:certificate_id/renew')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -310,17 +212,16 @@ router
* *
* Renew certificate * Renew certificate
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
req.setTimeout(900000); // 15 minutes timeout req.setTimeout(900000); // 15 minutes timeout
try { internalCertificate.renew(res.locals.access, {
const result = await internalCertificate.renew(res.locals.access, { id: parseInt(req.params.certificate_id, 10)
id: Number.parseInt(req.params.certificate_id, 10), })
}); .then((result) => {
res.status(200).send(result); res.status(200)
} catch (err) { .send(result);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); })
next(err); .catch(next);
}
}); });
/** /**
@@ -329,8 +230,8 @@ router
* /api/nginx/certificates/123/download * /api/nginx/certificates/123/download
*/ */
router router
.route("/:certificate_id/download") .route('/:certificate_id/download')
.options((_req, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -340,16 +241,48 @@ router
* *
* Renew certificate * Renew certificate
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { internalCertificate.download(res.locals.access, {
const result = await internalCertificate.download(res.locals.access, { id: parseInt(req.params.certificate_id, 10)
id: Number.parseInt(req.params.certificate_id, 10), })
.then((result) => {
res.status(200)
.download(result.fileName);
})
.catch(next);
}); });
res.status(200).download(result.fileName);
} catch (err) { /**
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); * Validate Certs before saving
next(err); *
* /api/nginx/certificates/validate
*/
router
.route('/validate')
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
/**
* POST /api/nginx/certificates/validate
*
* Validate certificates
*/
.post((req, res, next) => {
if (!req.files) {
res.status(400)
.send({error: 'No files were uploaded'});
} else {
internalCertificate.validate({
files: req.files
})
.then((result) => {
res.status(200)
.send(result);
})
.catch(next);
} }
}); });
export default router; module.exports = router;

200
backend/routes/nginx/dead_hosts.js
View File

@@ -1,22 +1,21 @@
import express from "express"; const express = require('express');
import internalDeadHost from "../../internal/dead-host.js"; const validator = require('../../lib/validator');
import jwtdecode from "../../lib/express/jwt-decode.js"; const jwtdecode = require('../../lib/express/jwt-decode');
import apiValidator from "../../lib/validator/api.js"; const apiValidator = require('../../lib/validator/api');
import validator from "../../lib/validator/index.js"; const internalDeadHost = require('../../internal/dead-host');
import { express as logger } from "../../logger.js"; const schema = require('../../schema');
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/nginx/dead-hosts * /api/nginx/dead-hosts
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -27,31 +26,29 @@ router
* *
* Retrieve all dead-hosts * Retrieve all dead-hosts
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator(
{
additionalProperties: false, additionalProperties: false,
properties: { properties: {
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, },
query: { query: {
$ref: "common#/properties/query", $ref: 'common#/properties/query'
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalDeadHost.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
query: (typeof req.query.query === 'string' ? req.query.query : null)
})
.then((data) => {
return internalDeadHost.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200)
.send(rows);
})
.catch(next);
}) })
/** /**
@@ -59,15 +56,16 @@ router
* *
* Create a new dead-host * Create a new dead-host
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/dead-hosts', 'post'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/dead-hosts", "post"), req.body); .then((payload) => {
const result = await internalDeadHost.create(res.locals.access, payload); return internalDeadHost.create(res.locals.access, payload);
res.status(201).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(201)
next(err); .send(result);
} })
.catch(next);
}); });
/** /**
@@ -76,8 +74,8 @@ router
* /api/nginx/dead-hosts/123 * /api/nginx/dead-hosts/123
*/ */
router router
.route("/:host_id") .route('/:host_id')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -87,69 +85,65 @@ router
* *
* Retrieve a specific dead-host * Retrieve a specific dead-host
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator( required: ['host_id'],
{
required: ["host_id"],
additionalProperties: false, additionalProperties: false,
properties: { properties: {
host_id: { host_id: {
$ref: "common#/properties/id", $ref: 'common#/properties/id'
}, },
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
},
},
},
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalDeadHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
host_id: req.params.host_id,
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
})
.then((data) => {
return internalDeadHost.get(res.locals.access, {
id: parseInt(data.host_id, 10),
expand: data.expand
});
})
.then((row) => {
res.status(200)
.send(row);
})
.catch(next);
}) })
/** /**
* PUT /api/nginx/dead-hosts/123 * PUT /api/nginx/dead-hosts/123
* *
* Update an existing dead-host * Update and existing dead-host
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/dead-hosts/{hostID}', 'put'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/dead-hosts/{hostID}", "put"), req.body); .then((payload) => {
payload.id = Number.parseInt(req.params.host_id, 10); payload.id = parseInt(req.params.host_id, 10);
const result = await internalDeadHost.update(res.locals.access, payload); return internalDeadHost.update(res.locals.access, payload);
res.status(200).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(200)
next(err); .send(result);
} })
.catch(next);
}) })
/** /**
* DELETE /api/nginx/dead-hosts/123 * DELETE /api/nginx/dead-hosts/123
* *
* Delete a dead-host * Update and existing dead-host
*/ */
.delete(async (req, res, next) => { .delete((req, res, next) => {
try { internalDeadHost.delete(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalDeadHost.delete(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -158,7 +152,7 @@ router
* /api/nginx/dead-hosts/123/enable * /api/nginx/dead-hosts/123/enable
*/ */
router router
.route("/:host_id/enable") .route('/:host_id/enable')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -167,16 +161,13 @@ router
/** /**
* POST /api/nginx/dead-hosts/123/enable * POST /api/nginx/dead-hosts/123/enable
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { internalDeadHost.enable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalDeadHost.enable(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -185,7 +176,7 @@ router
* /api/nginx/dead-hosts/123/disable * /api/nginx/dead-hosts/123/disable
*/ */
router router
.route("/:host_id/disable") .route('/:host_id/disable')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -195,13 +186,12 @@ router
* POST /api/nginx/dead-hosts/123/disable * POST /api/nginx/dead-hosts/123/disable
*/ */
.post((req, res, next) => { .post((req, res, next) => {
try { internalDeadHost.disable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = internalDeadHost.disable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) }); .then((result) => {
res.status(200).send(result); res.status(200)
} catch (err) { .send(result);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); })
next(err); .catch(next);
}
}); });
export default router; module.exports = router;

202
backend/routes/nginx/proxy_hosts.js
View File

@@ -1,23 +1,22 @@
import express from "express"; const express = require('express');
import internalProxyHost from "../../internal/proxy-host.js"; const validator = require('../../lib/validator');
import jwtdecode from "../../lib/express/jwt-decode.js"; const jwtdecode = require('../../lib/express/jwt-decode');
import apiValidator from "../../lib/validator/api.js"; const apiValidator = require('../../lib/validator/api');
import validator from "../../lib/validator/index.js"; const internalProxyHost = require('../../internal/proxy-host');
import { express as logger } from "../../logger.js"; const schema = require('../../schema');
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/nginx/proxy-hosts * /api/nginx/proxy-hosts
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -27,31 +26,29 @@ router
* *
* Retrieve all proxy-hosts * Retrieve all proxy-hosts
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator(
{
additionalProperties: false, additionalProperties: false,
properties: { properties: {
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, },
query: { query: {
$ref: "common#/properties/query", $ref: 'common#/properties/query'
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalProxyHost.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
query: (typeof req.query.query === 'string' ? req.query.query : null)
})
.then((data) => {
return internalProxyHost.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200)
.send(rows);
})
.catch(next);
}) })
/** /**
@@ -59,15 +56,16 @@ router
* *
* Create a new proxy-host * Create a new proxy-host
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/proxy-hosts', 'post'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/proxy-hosts", "post"), req.body); .then((payload) => {
const result = await internalProxyHost.create(res.locals.access, payload); return internalProxyHost.create(res.locals.access, payload);
res.status(201).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err} ${JSON.stringify(err.debug, null, 2)}`); res.status(201)
next(err); .send(result);
} })
.catch(next);
}); });
/** /**
@@ -76,8 +74,8 @@ router
* /api/nginx/proxy-hosts/123 * /api/nginx/proxy-hosts/123
*/ */
router router
.route("/:host_id") .route('/:host_id')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -87,35 +85,33 @@ router
* *
* Retrieve a specific proxy-host * Retrieve a specific proxy-host
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator( required: ['host_id'],
{
required: ["host_id"],
additionalProperties: false, additionalProperties: false,
properties: { properties: {
host_id: { host_id: {
$ref: "common#/properties/id", $ref: 'common#/properties/id'
}, },
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
},
},
},
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalProxyHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
host_id: req.params.host_id,
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
})
.then((data) => {
return internalProxyHost.get(res.locals.access, {
id: parseInt(data.host_id, 10),
expand: data.expand
});
})
.then((row) => {
res.status(200)
.send(row);
})
.catch(next);
}) })
/** /**
@@ -123,16 +119,17 @@ router
* *
* Update and existing proxy-host * Update and existing proxy-host
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/proxy-hosts/{hostID}', 'put'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/proxy-hosts/{hostID}", "put"), req.body); .then((payload) => {
payload.id = Number.parseInt(req.params.host_id, 10); payload.id = parseInt(req.params.host_id, 10);
const result = await internalProxyHost.update(res.locals.access, payload); return internalProxyHost.update(res.locals.access, payload);
res.status(200).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(200)
next(err); .send(result);
} })
.catch(next);
}) })
/** /**
@@ -140,16 +137,13 @@ router
* *
* Update and existing proxy-host * Update and existing proxy-host
*/ */
.delete(async (req, res, next) => { .delete((req, res, next) => {
try { internalProxyHost.delete(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalProxyHost.delete(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -158,7 +152,7 @@ router
* /api/nginx/proxy-hosts/123/enable * /api/nginx/proxy-hosts/123/enable
*/ */
router router
.route("/:host_id/enable") .route('/:host_id/enable')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -167,16 +161,13 @@ router
/** /**
* POST /api/nginx/proxy-hosts/123/enable * POST /api/nginx/proxy-hosts/123/enable
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { internalProxyHost.enable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalProxyHost.enable(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -185,7 +176,7 @@ router
* /api/nginx/proxy-hosts/123/disable * /api/nginx/proxy-hosts/123/disable
*/ */
router router
.route("/:host_id/disable") .route('/:host_id/disable')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -194,16 +185,13 @@ router
/** /**
* POST /api/nginx/proxy-hosts/123/disable * POST /api/nginx/proxy-hosts/123/disable
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { internalProxyHost.disable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalProxyHost.disable(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
export default router; module.exports = router;

209
backend/routes/nginx/redirection_hosts.js
View File

@@ -1,23 +1,22 @@
import express from "express"; const express = require('express');
import internalRedirectionHost from "../../internal/redirection-host.js"; const validator = require('../../lib/validator');
import jwtdecode from "../../lib/express/jwt-decode.js"; const jwtdecode = require('../../lib/express/jwt-decode');
import apiValidator from "../../lib/validator/api.js"; const apiValidator = require('../../lib/validator/api');
import validator from "../../lib/validator/index.js"; const internalRedirectionHost = require('../../internal/redirection-host');
import { express as logger } from "../../logger.js"; const schema = require('../../schema');
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/nginx/redirection-hosts * /api/nginx/redirection-hosts
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -27,31 +26,29 @@ router
* *
* Retrieve all redirection-hosts * Retrieve all redirection-hosts
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator(
{
additionalProperties: false, additionalProperties: false,
properties: { properties: {
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, },
query: { query: {
$ref: "common#/properties/query", $ref: 'common#/properties/query'
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalRedirectionHost.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
query: (typeof req.query.query === 'string' ? req.query.query : null)
})
.then((data) => {
return internalRedirectionHost.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200)
.send(rows);
})
.catch(next);
}) })
/** /**
@@ -59,15 +56,16 @@ router
* *
* Create a new redirection-host * Create a new redirection-host
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/redirection-hosts', 'post'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/redirection-hosts", "post"), req.body); .then((payload) => {
const result = await internalRedirectionHost.create(res.locals.access, payload); return internalRedirectionHost.create(res.locals.access, payload);
res.status(201).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(201)
next(err); .send(result);
} })
.catch(next);
}); });
/** /**
@@ -76,8 +74,8 @@ router
* /api/nginx/redirection-hosts/123 * /api/nginx/redirection-hosts/123
*/ */
router router
.route("/:host_id") .route('/:host_id')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -87,35 +85,33 @@ router
* *
* Retrieve a specific redirection-host * Retrieve a specific redirection-host
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator( required: ['host_id'],
{
required: ["host_id"],
additionalProperties: false, additionalProperties: false,
properties: { properties: {
host_id: { host_id: {
$ref: "common#/properties/id", $ref: 'common#/properties/id'
}, },
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
},
},
},
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalRedirectionHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
host_id: req.params.host_id,
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
})
.then((data) => {
return internalRedirectionHost.get(res.locals.access, {
id: parseInt(data.host_id, 10),
expand: data.expand
});
})
.then((row) => {
res.status(200)
.send(row);
})
.catch(next);
}) })
/** /**
@@ -123,19 +119,17 @@ router
* *
* Update and existing redirection-host * Update and existing redirection-host
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/redirection-hosts/{hostID}', 'put'), req.body)
const payload = await apiValidator( .then((payload) => {
getValidationSchema("/nginx/redirection-hosts/{hostID}", "put"), payload.id = parseInt(req.params.host_id, 10);
req.body, return internalRedirectionHost.update(res.locals.access, payload);
); })
payload.id = Number.parseInt(req.params.host_id, 10); .then((result) => {
const result = await internalRedirectionHost.update(res.locals.access, payload); res.status(200)
res.status(200).send(result); .send(result);
} catch (err) { })
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); .catch(next);
next(err);
}
}) })
/** /**
@@ -143,16 +137,13 @@ router
* *
* Update and existing redirection-host * Update and existing redirection-host
*/ */
.delete(async (req, res, next) => { .delete((req, res, next) => {
try { internalRedirectionHost.delete(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalRedirectionHost.delete(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -161,8 +152,8 @@ router
* /api/nginx/redirection-hosts/123/enable * /api/nginx/redirection-hosts/123/enable
*/ */
router router
.route("/:host_id/enable") .route('/:host_id/enable')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -170,16 +161,13 @@ router
/** /**
* POST /api/nginx/redirection-hosts/123/enable * POST /api/nginx/redirection-hosts/123/enable
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { internalRedirectionHost.enable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalRedirectionHost.enable(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -188,8 +176,8 @@ router
* /api/nginx/redirection-hosts/123/disable * /api/nginx/redirection-hosts/123/disable
*/ */
router router
.route("/:host_id/disable") .route('/:host_id/disable')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -197,16 +185,13 @@ router
/** /**
* POST /api/nginx/redirection-hosts/123/disable * POST /api/nginx/redirection-hosts/123/disable
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { internalRedirectionHost.disable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalRedirectionHost.disable(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
export default router; module.exports = router;

202
backend/routes/nginx/streams.js
View File

@@ -1,23 +1,22 @@
import express from "express"; const express = require('express');
import internalStream from "../../internal/stream.js"; const validator = require('../../lib/validator');
import jwtdecode from "../../lib/express/jwt-decode.js"; const jwtdecode = require('../../lib/express/jwt-decode');
import apiValidator from "../../lib/validator/api.js"; const apiValidator = require('../../lib/validator/api');
import validator from "../../lib/validator/index.js"; const internalStream = require('../../internal/stream');
import { express as logger } from "../../logger.js"; const schema = require('../../schema');
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/nginx/streams * /api/nginx/streams
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) // preferred so it doesn't apply to nonexistent routes .all(jwtdecode()) // preferred so it doesn't apply to nonexistent routes
@@ -27,31 +26,29 @@ router
* *
* Retrieve all streams * Retrieve all streams
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator(
{
additionalProperties: false, additionalProperties: false,
properties: { properties: {
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, },
query: { query: {
$ref: "common#/properties/query", $ref: 'common#/properties/query'
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalStream.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
query: (typeof req.query.query === 'string' ? req.query.query : null)
})
.then((data) => {
return internalStream.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200)
.send(rows);
})
.catch(next);
}) })
/** /**
@@ -59,15 +56,16 @@ router
* *
* Create a new stream * Create a new stream
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/streams', 'post'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/streams", "post"), req.body); .then((payload) => {
const result = await internalStream.create(res.locals.access, payload); return internalStream.create(res.locals.access, payload);
res.status(201).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(201)
next(err); .send(result);
} })
.catch(next);
}); });
/** /**
@@ -76,8 +74,8 @@ router
* /api/nginx/streams/123 * /api/nginx/streams/123
*/ */
router router
.route("/:stream_id") .route('/:stream_id')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) // preferred so it doesn't apply to nonexistent routes .all(jwtdecode()) // preferred so it doesn't apply to nonexistent routes
@@ -87,35 +85,33 @@ router
* *
* Retrieve a specific stream * Retrieve a specific stream
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator( required: ['stream_id'],
{
required: ["stream_id"],
additionalProperties: false, additionalProperties: false,
properties: { properties: {
stream_id: { stream_id: {
$ref: "common#/properties/id", $ref: 'common#/properties/id'
}, },
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
},
},
},
{
stream_id: req.params.stream_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalStream.get(res.locals.access, {
id: Number.parseInt(data.stream_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
stream_id: req.params.stream_id,
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
})
.then((data) => {
return internalStream.get(res.locals.access, {
id: parseInt(data.stream_id, 10),
expand: data.expand
});
})
.then((row) => {
res.status(200)
.send(row);
})
.catch(next);
}) })
/** /**
@@ -123,16 +119,17 @@ router
* *
* Update and existing stream * Update and existing stream
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/nginx/streams/{streamID}', 'put'), req.body)
const payload = await apiValidator(getValidationSchema("/nginx/streams/{streamID}", "put"), req.body); .then((payload) => {
payload.id = Number.parseInt(req.params.stream_id, 10); payload.id = parseInt(req.params.stream_id, 10);
const result = await internalStream.update(res.locals.access, payload); return internalStream.update(res.locals.access, payload);
res.status(200).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(200)
next(err); .send(result);
} })
.catch(next);
}) })
/** /**
@@ -140,16 +137,13 @@ router
* *
* Update and existing stream * Update and existing stream
*/ */
.delete(async (req, res, next) => { .delete((req, res, next) => {
try { internalStream.delete(res.locals.access, {id: parseInt(req.params.stream_id, 10)})
const result = await internalStream.delete(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.stream_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -158,7 +152,7 @@ router
* /api/nginx/streams/123/enable * /api/nginx/streams/123/enable
*/ */
router router
.route("/:host_id/enable") .route('/:host_id/enable')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -167,16 +161,13 @@ router
/** /**
* POST /api/nginx/streams/123/enable * POST /api/nginx/streams/123/enable
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { internalStream.enable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalStream.enable(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -185,7 +176,7 @@ router
* /api/nginx/streams/123/disable * /api/nginx/streams/123/disable
*/ */
router router
.route("/:host_id/disable") .route('/:host_id/disable')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -194,16 +185,13 @@ router
/** /**
* POST /api/nginx/streams/123/disable * POST /api/nginx/streams/123/disable
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { internalStream.disable(res.locals.access, {id: parseInt(req.params.host_id, 10)})
const result = await internalStream.disable(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.host_id, 10), res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
export default router; module.exports = router;

31
backend/routes/reports.js
View File

@@ -1,32 +1,29 @@
import express from "express"; const express = require('express');
import internalReport from "../internal/report.js"; const jwtdecode = require('../lib/express/jwt-decode');
import jwtdecode from "../lib/express/jwt-decode.js"; const internalReport = require('../internal/report');
import { express as logger } from "../logger.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
router router
.route("/hosts") .route('/hosts')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode())
/** /**
* GET /reports/hosts * GET /reports/hosts
*/ */
.get(async (req, res, next) => { .get(jwtdecode(), (_, res, next) => {
try { internalReport.getHostsReport(res.locals.access)
const data = await internalReport.getHostsReport(res.locals.access); .then((data) => {
res.status(200).send(data); res.status(200)
} catch (err) { .send(data);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); })
next(err); .catch(next);
}
}); });
export default router; module.exports = router;

30
backend/routes/schema.js
View File

@@ -1,16 +1,15 @@
import express from "express"; const express = require('express');
import { express as logger } from "../logger.js"; const schema = require('../schema');
import PACKAGE from "../package.json" with { type: "json" }; const PACKAGE = require('../package.json');
import { getCompiledSchema } from "../schema/index.js";
const router = express.Router({ const router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
router router
.route("/") .route('/')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -19,26 +18,21 @@ router
* GET /schema * GET /schema
*/ */
.get(async (req, res) => { .get(async (req, res) => {
try { let swaggerJSON = await schema.getCompiledSchema();
const swaggerJSON = await getCompiledSchema();
let proto = req.protocol; let proto = req.protocol;
if (typeof req.headers["x-forwarded-proto"] !== "undefined" && req.headers["x-forwarded-proto"]) { if (typeof req.headers['x-forwarded-proto'] !== 'undefined' && req.headers['x-forwarded-proto']) {
proto = req.headers["x-forwarded-proto"]; proto = req.headers['x-forwarded-proto'];
} }
let origin = `${proto}://${req.hostname}`; let origin = proto + '://' + req.hostname;
if (typeof req.headers.origin !== "undefined" && req.headers.origin) { if (typeof req.headers.origin !== 'undefined' && req.headers.origin) {
origin = req.headers.origin; origin = req.headers.origin;
} }
swaggerJSON.info.version = PACKAGE.version; swaggerJSON.info.version = PACKAGE.version;
swaggerJSON.servers[0].url = `${origin}/api`; swaggerJSON.servers[0].url = origin + '/api';
res.status(200).send(swaggerJSON); res.status(200).send(swaggerJSON);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
export default router; module.exports = router;

97
backend/routes/settings.js
View File

@@ -1,22 +1,21 @@
import express from "express"; const express = require('express');
import internalSetting from "../internal/setting.js"; const validator = require('../lib/validator');
import jwtdecode from "../lib/express/jwt-decode.js"; const jwtdecode = require('../lib/express/jwt-decode');
import apiValidator from "../lib/validator/api.js"; const apiValidator = require('../lib/validator/api');
import validator from "../lib/validator/index.js"; const internalSetting = require('../internal/setting');
import { express as logger } from "../logger.js"; const schema = require('../schema');
import { getValidationSchema } from "../schema/index.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/settings * /api/settings
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -27,14 +26,13 @@ router
* *
* Retrieve all settings * Retrieve all settings
*/ */
.get(async (req, res, next) => { .get((_, res, next) => {
try { internalSetting.getAll(res.locals.access)
const rows = await internalSetting.getAll(res.locals.access); .then((rows) => {
res.status(200).send(rows); res.status(200)
} catch (err) { .send(rows);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); })
next(err); .catch(next);
}
}); });
/** /**
@@ -43,7 +41,7 @@ router
* /api/settings/something * /api/settings/something
*/ */
router router
.route("/:setting_id") .route('/:setting_id')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -54,31 +52,29 @@ router
* *
* Retrieve a specific setting * Retrieve a specific setting
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator( required: ['setting_id'],
{
required: ["setting_id"],
additionalProperties: false, additionalProperties: false,
properties: { properties: {
setting_id: { setting_id: {
type: "string", type: 'string',
minLength: 1, minLength: 1
},
},
},
{
setting_id: req.params.setting_id,
},
);
const row = await internalSetting.get(res.locals.access, {
id: data.setting_id,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
setting_id: req.params.setting_id
})
.then((data) => {
return internalSetting.get(res.locals.access, {
id: data.setting_id
});
})
.then((row) => {
res.status(200)
.send(row);
})
.catch(next);
}) })
/** /**
@@ -86,16 +82,17 @@ router
* *
* Update and existing setting * Update and existing setting
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/settings/{settingID}', 'put'), req.body)
const payload = await apiValidator(getValidationSchema("/settings/{settingID}", "put"), req.body); .then((payload) => {
payload.id = req.params.setting_id; payload.id = req.params.setting_id;
const result = await internalSetting.update(res.locals.access, payload); return internalSetting.update(res.locals.access, payload);
res.status(200).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(200)
next(err); .send(result);
} })
.catch(next);
}); });
export default router; module.exports = router;

55
backend/routes/tokens.js
View File

@@ -1,18 +1,17 @@
import express from "express"; const express = require('express');
import internalToken from "../internal/token.js"; const jwtdecode = require('../lib/express/jwt-decode');
import jwtdecode from "../lib/express/jwt-decode.js"; const apiValidator = require('../lib/validator/api');
import apiValidator from "../lib/validator/api.js"; const internalToken = require('../internal/token');
import { express as logger } from "../logger.js"; const schema = require('../schema');
import { getValidationSchema } from "../schema/index.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
router router
.route("/") .route('/')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -24,17 +23,16 @@ router
* We also piggy back on to this method, allowing admins to get tokens * We also piggy back on to this method, allowing admins to get tokens
* for services like Job board and Worker. * for services like Job board and Worker.
*/ */
.get(jwtdecode(), async (req, res, next) => { .get(jwtdecode(), (req, res, next) => {
try { internalToken.getFreshToken(res.locals.access, {
const data = await internalToken.getFreshToken(res.locals.access, { expiry: (typeof req.query.expiry !== 'undefined' ? req.query.expiry : null),
expiry: typeof req.query.expiry !== "undefined" ? req.query.expiry : null, scope: (typeof req.query.scope !== 'undefined' ? req.query.scope : null)
scope: typeof req.query.scope !== "undefined" ? req.query.scope : null, })
}); .then((data) => {
res.status(200).send(data); res.status(200)
} catch (err) { .send(data);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); })
next(err); .catch(next);
}
}) })
/** /**
@@ -43,14 +41,13 @@ router
* Create a new Token * Create a new Token
*/ */
.post(async (req, res, next) => { .post(async (req, res, next) => {
try { apiValidator(schema.getValidationSchema('/tokens', 'post'), req.body)
const data = await apiValidator(getValidationSchema("/tokens", "post"), req.body); .then(internalToken.getTokenFromEmail)
const result = await internalToken.getTokenFromEmail(data); .then((data) => {
res.status(200).send(result); res.status(200)
} catch (err) { .send(data);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); })
next(err); .catch(next);
}
}); });
export default router; module.exports = router;

305
backend/routes/users.js
View File

@@ -1,27 +1,22 @@
import express from "express"; const express = require('express');
import internalUser from "../internal/user.js"; const validator = require('../lib/validator');
import Access from "../lib/access.js"; const jwtdecode = require('../lib/express/jwt-decode');
import { isCI } from "../lib/config.js"; const userIdFromMe = require('../lib/express/user-id-from-me');
import errs from "../lib/error.js"; const internalUser = require('../internal/user');
import jwtdecode from "../lib/express/jwt-decode.js"; const apiValidator = require('../lib/validator/api');
import userIdFromMe from "../lib/express/user-id-from-me.js"; const schema = require('../schema');
import apiValidator from "../lib/validator/api.js";
import validator from "../lib/validator/index.js";
import { express as logger } from "../logger.js";
import { getValidationSchema } from "../schema/index.js";
import { isSetup } from "../setup.js";
const router = express.Router({ let router = express.Router({
caseSensitive: true, caseSensitive: true,
strict: true, strict: true,
mergeParams: true, mergeParams: true
}); });
/** /**
* /api/users * /api/users
*/ */
router router
.route("/") .route('/')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -32,38 +27,33 @@ router
* *
* Retrieve all users * Retrieve all users
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator(
{
additionalProperties: false, additionalProperties: false,
properties: { properties: {
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, },
query: { query: {
$ref: "common#/properties/query", $ref: 'common#/properties/query'
},
},
},
{
expand:
typeof req.query.expand === "string"
? req.query.expand.split(",")
: null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const users = await internalUser.getAll(
res.locals.access,
data.expand,
data.query,
);
res.status(200).send(users);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
} }
}
}, {
expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null),
query: (typeof req.query.query === 'string' ? req.query.query : null)
})
.then((data) => {
return internalUser.getAll(res.locals.access, data.expand, data.query);
})
.then((users) => {
res.status(200)
.send(users);
})
.catch((err) => {
console.log(err);
next(err);
});
//.catch(next);
}) })
/** /**
@@ -71,66 +61,16 @@ router
* *
* Create a new User * Create a new User
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
const body = req.body; apiValidator(schema.getValidationSchema('/users', 'post'), req.body)
.then((payload) => {
try { return internalUser.create(res.locals.access, payload);
// If we are in setup mode, we don't check access for current user
const setup = await isSetup();
if (!setup) {
logger.info("Creating a new user in setup mode");
const access = new Access(null);
await access.load(true);
res.locals.access = access;
// We are in setup mode, set some defaults for this first new user, such as making
// them an admin.
body.is_disabled = false;
if (typeof body.roles !== "object" || body.roles === null) {
body.roles = [];
}
if (body.roles.indexOf("admin") === -1) {
body.roles.push("admin");
}
}
const payload = await apiValidator(
getValidationSchema("/users", "post"),
body,
);
const user = await internalUser.create(res.locals.access, payload);
res.status(201).send(user);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}) })
.then((result) => {
/** res.status(201)
* DELETE /api/users .send(result);
* })
* Deletes ALL users. This is NOT GENERALLY AVAILABLE! .catch(next);
* (!) It is NOT an authenticated endpoint.
* (!) Only CI should be able to call this endpoint. As a result,
*
* it will only work when the env vars DEBUG=true and CI=true
*
* Do NOT set those env vars in a production environment!
*/
.delete(async (_, res, next) => {
if (isCI()) {
try {
logger.warn("Deleting all users - CI environment detected, allowing this operation");
await internalUser.deleteAll();
res.status(200).send(true);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
return;
}
next(new errs.ItemNotFoundError());
}); });
/** /**
@@ -139,7 +79,7 @@ router
* /api/users/123 * /api/users/123
*/ */
router router
.route("/:user_id") .route('/:user_id')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -151,43 +91,37 @@ router
* *
* Retrieve a specific user * Retrieve a specific user
*/ */
.get(async (req, res, next) => { .get((req, res, next) => {
try { validator({
const data = await validator( required: ['user_id'],
{
required: ["user_id"],
additionalProperties: false, additionalProperties: false,
properties: { properties: {
user_id: { user_id: {
$ref: "common#/properties/id", $ref: 'common#/properties/id'
}, },
expand: { expand: {
$ref: "common#/properties/expand", $ref: 'common#/properties/expand'
}, }
}, }
}, }, {
{
user_id: req.params.user_id, user_id: req.params.user_id,
expand: expand: (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
typeof req.query.expand === "string" })
? req.query.expand.split(",") .then((data) => {
: null, return internalUser.get(res.locals.access, {
},
);
const user = await internalUser.get(res.locals.access, {
id: data.user_id, id: data.user_id,
expand: data.expand, expand: data.expand,
omit: internalUser.getUserOmisionsByAccess( omit: internalUser.getUserOmisionsByAccess(res.locals.access, data.user_id)
res.locals.access,
data.user_id,
),
}); });
res.status(200).send(user); })
} catch (err) { .then((user) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(200)
.send(user);
})
.catch((err) => {
console.log(err);
next(err); next(err);
} });
}) })
/** /**
@@ -195,19 +129,17 @@ router
* *
* Update and existing user * Update and existing user
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/users/{userID}', 'put'), req.body)
const payload = await apiValidator( .then((payload) => {
getValidationSchema("/users/{userID}", "put"),
req.body,
);
payload.id = req.params.user_id; payload.id = req.params.user_id;
const result = await internalUser.update(res.locals.access, payload); return internalUser.update(res.locals.access, payload);
res.status(200).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(200)
next(err); .send(result);
} })
.catch(next);
}) })
/** /**
@@ -215,16 +147,13 @@ router
* *
* Update and existing user * Update and existing user
*/ */
.delete(async (req, res, next) => { .delete((req, res, next) => {
try { internalUser.delete(res.locals.access, {id: req.params.user_id})
const result = await internalUser.delete(res.locals.access, { .then((result) => {
id: req.params.user_id, res.status(200)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
/** /**
@@ -233,8 +162,8 @@ router
* /api/users/123/auth * /api/users/123/auth
*/ */
router router
.route("/:user_id/auth") .route('/:user_id/auth')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -245,19 +174,17 @@ router
* *
* Update password for a user * Update password for a user
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/users/{userID}/auth', 'put'), req.body)
const payload = await apiValidator( .then((payload) => {
getValidationSchema("/users/{userID}/auth", "put"),
req.body,
);
payload.id = req.params.user_id; payload.id = req.params.user_id;
const result = await internalUser.setPassword(res.locals.access, payload); return internalUser.setPassword(res.locals.access, payload);
res.status(200).send(result); })
} catch (err) { .then((result) => {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); res.status(201)
next(err); .send(result);
} })
.catch(next);
}); });
/** /**
@@ -266,8 +193,8 @@ router
* /api/users/123/permissions * /api/users/123/permissions
*/ */
router router
.route("/:user_id/permissions") .route('/:user_id/permissions')
.options((_, res) => { .options((req, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
.all(jwtdecode()) .all(jwtdecode())
@@ -278,22 +205,17 @@ router
* *
* Set some or all permissions for a user * Set some or all permissions for a user
*/ */
.put(async (req, res, next) => { .put((req, res, next) => {
try { apiValidator(schema.getValidationSchema('/users/{userID}/permissions', 'put'), req.body)
const payload = await apiValidator( .then((payload) => {
getValidationSchema("/users/{userID}/permissions", "put"),
req.body,
);
payload.id = req.params.user_id; payload.id = req.params.user_id;
const result = await internalUser.setPermissions( return internalUser.setPermissions(res.locals.access, payload);
res.locals.access, })
payload, .then((result) => {
); res.status(201)
res.status(200).send(result); .send(result);
} catch (err) { })
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); .catch(next);
next(err);
}
}); });
/** /**
@@ -302,7 +224,7 @@ router
* /api/users/123/login * /api/users/123/login
*/ */
router router
.route("/:user_id/login") .route('/:user_id/login')
.options((_, res) => { .options((_, res) => {
res.sendStatus(204); res.sendStatus(204);
}) })
@@ -313,16 +235,13 @@ router
* *
* Log in as a user * Log in as a user
*/ */
.post(async (req, res, next) => { .post((req, res, next) => {
try { internalUser.loginAs(res.locals.access, {id: parseInt(req.params.user_id, 10)})
const result = await internalUser.loginAs(res.locals.access, { .then((result) => {
id: Number.parseInt(req.params.user_id, 10), res.status(201)
}); .send(result);
res.status(200).send(result); })
} catch (err) { .catch(next);
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
}); });
export default router; module.exports = router;

160
backend/schema/common.json
View File

@@ -7,8 +7,7 @@
"description": "Unique identifier", "description": "Unique identifier",
"readOnly": true, "readOnly": true,
"type": "integer", "type": "integer",
"minimum": 1, "minimum": 1
"example": 11
}, },
"expand": { "expand": {
"anyOf": [ "anyOf": [
@@ -39,42 +38,35 @@
"created_on": { "created_on": {
"description": "Date and time of creation", "description": "Date and time of creation",
"readOnly": true, "readOnly": true,
"type": "string", "type": "string"
"example": "2025-10-28T04:17:54.000Z"
}, },
"modified_on": { "modified_on": {
"description": "Date and time of last update", "description": "Date and time of last update",
"readOnly": true, "readOnly": true,
"type": "string", "type": "string"
"example": "2025-10-28T04:17:54.000Z"
}, },
"user_id": { "user_id": {
"description": "User ID", "description": "User ID",
"type": "integer", "type": "integer",
"minimum": 1, "minimum": 1
"example": 2
}, },
"certificate_id": { "certificate_id": {
"description": "Certificate ID", "description": "Certificate ID",
"anyOf": [ "anyOf": [
{ {
"type": "integer", "type": "integer",
"minimum": 0, "minimum": 0
"example": 5
}, },
{ {
"type": "string", "type": "string",
"pattern": "^new$", "pattern": "^new$"
"example": "new"
} }
], ]
"example": 5
}, },
"access_list_id": { "access_list_id": {
"description": "Access List ID", "description": "Access List ID",
"type": "integer", "type": "integer",
"minimum": 0, "minimum": 0
"example": 3
}, },
"domain_names": { "domain_names": {
"description": "Domain Names separated by a comma", "description": "Domain Names separated by a comma",
@@ -85,157 +77,39 @@
"items": { "items": {
"type": "string", "type": "string",
"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$" "pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
}, }
"example": ["example.com", "www.example.com"]
}, },
"enabled": { "enabled": {
"description": "Is Enabled", "description": "Is Enabled",
"type": "boolean", "type": "boolean"
"example": false
}, },
"ssl_forced": { "ssl_forced": {
"description": "Is SSL Forced", "description": "Is SSL Forced",
"type": "boolean", "type": "boolean"
"example": true
}, },
"hsts_enabled": { "hsts_enabled": {
"description": "Is HSTS Enabled", "description": "Is HSTS Enabled",
"type": "boolean", "type": "boolean"
"example": true
}, },
"hsts_subdomains": { "hsts_subdomains": {
"description": "Is HSTS applicable to all subdomains", "description": "Is HSTS applicable to all subdomains",
"type": "boolean", "type": "boolean"
"example": true
}, },
"ssl_provider": { "ssl_provider": {
"type": "string", "type": "string",
"pattern": "^(letsencrypt|other)$", "pattern": "^(letsencrypt|other)$"
"example": "letsencrypt"
}, },
"http2_support": { "http2_support": {
"description": "HTTP2 Protocol Support", "description": "HTTP2 Protocol Support",
"type": "boolean", "type": "boolean"
"example": true
}, },
"block_exploits": { "block_exploits": {
"description": "Should we block common exploits", "description": "Should we block common exploits",
"type": "boolean", "type": "boolean"
"example": false
}, },
"caching_enabled": { "caching_enabled": {
"description": "Should we cache assets", "description": "Should we cache assets",
"type": "boolean", "type": "boolean"
"example": true
},
"email": {
"description": "Email address",
"type": "string",
"pattern": "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$",
"example": "me@example.com"
},
"directive": {
"type": "string",
"enum": ["allow", "deny"],
"example": "allow"
},
"address": {
"oneOf": [
{
"type": "string",
"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
},
{
"type": "string",
"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
},
{
"type": "string",
"pattern": "^all$"
}
],
"example": "192.168.0.11"
},
"access_items": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"username": {
"type": "string",
"minLength": 1
},
"password": {
"type": "string"
}
},
"example": {
"username": "admin",
"password": "pass"
}
},
"example": [
{
"username": "admin",
"password": "pass"
}
]
},
"access_clients": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"address": {
"$ref": "#/properties/address"
},
"directive": {
"$ref": "#/properties/directive"
}
},
"example": {
"directive": "allow",
"address": "192.168.0.0/24"
}
},
"example": [
{
"directive": "allow",
"address": "192.168.0.0/24"
}
]
},
"certificate_files": {
"description": "Certificate Files",
"content": {
"multipart/form-data": {
"schema": {
"type": "object",
"additionalProperties": false,
"required": ["certificate", "certificate_key"],
"properties": {
"certificate": {
"type": "string",
"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
},
"certificate_key": {
"type": "string",
"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
},
"intermediate_certificate": {
"type": "string",
"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
}
}
},
"example": {
"certificate": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----",
"certificate_key": "-----BEGIN PRIVATE\nMIID...-----END CERTIFICATE-----"
}
}
}
} }
} }
} }

40
backend/schema/components/access-list-object.json
View File

@@ -1,7 +1,8 @@
{ {
"type": "object", "type": "object",
"description": "Access List object", "description": "Access List object",
"required": ["id", "created_on", "modified_on", "owner_user_id", "name", "meta", "satisfy_any", "pass_auth", "proxy_host_count"], "required": ["id", "created_on", "modified_on", "owner_user_id", "name", "directive", "address", "satisfy_any", "pass_auth", "meta"],
"additionalProperties": false,
"properties": { "properties": {
"id": { "id": {
"$ref": "../common.json#/properties/id" "$ref": "../common.json#/properties/id"
@@ -17,25 +18,36 @@
}, },
"name": { "name": {
"type": "string", "type": "string",
"minLength": 1, "minLength": 1
"example": "My Access List"
}, },
"meta": { "directive": {
"type": "object", "type": "string",
"example": {} "enum": ["allow", "deny"]
},
"address": {
"oneOf": [
{
"type": "string",
"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
},
{
"type": "string",
"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
},
{
"type": "string",
"pattern": "^all$"
}
]
}, },
"satisfy_any": { "satisfy_any": {
"type": "boolean", "type": "boolean"
"example": true
}, },
"pass_auth": { "pass_auth": {
"type": "boolean", "type": "boolean"
"example": false
}, },
"proxy_host_count": { "meta": {
"type": "integer", "type": "object"
"minimum": 0,
"example": 3
} }
} }
} }

7
backend/schema/components/audit-log-list.json
View File

@@ -1,7 +0,0 @@
{
"type": "array",
"description": "Audit Log list",
"items": {
"$ref": "./audit-log-object.json"
}
}

23
backend/schema/components/audit-log-object.json
View File

@@ -1,16 +1,7 @@
{ {
"type": "object", "type": "object",
"description": "Audit Log object", "description": "Audit Log object",
"required": [ "required": ["id", "created_on", "modified_on", "user_id", "object_type", "object_id", "action", "meta"],
"id",
"created_on",
"modified_on",
"user_id",
"object_type",
"object_id",
"action",
"meta"
],
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {
"id": { "id": {
@@ -26,22 +17,16 @@
"$ref": "../common.json#/properties/user_id" "$ref": "../common.json#/properties/user_id"
}, },
"object_type": { "object_type": {
"type": "string", "type": "string"
"example": "certificate"
}, },
"object_id": { "object_id": {
"$ref": "../common.json#/properties/id" "$ref": "../common.json#/properties/id"
}, },
"action": { "action": {
"type": "string", "type": "string"
"example": "created"
}, },
"meta": { "meta": {
"type": "object", "type": "object"
"example": {}
},
"user": {
"$ref": "./user-object.json"
} }
} }
} }

24
backend/schema/components/certificate-object.json
View File

@@ -21,8 +21,7 @@
}, },
"nice_name": { "nice_name": {
"type": "string", "type": "string",
"description": "Nice Name for the custom certificate", "description": "Nice Name for the custom certificate"
"example": "My Custom Cert"
}, },
"domain_names": { "domain_names": {
"description": "Domain Names separated by a comma", "description": "Domain Names separated by a comma",
@@ -32,14 +31,12 @@
"items": { "items": {
"type": "string", "type": "string",
"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$" "pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
}, }
"example": ["example.com", "www.example.com"]
}, },
"expires_on": { "expires_on": {
"description": "Date and time of expiration", "description": "Date and time of expiration",
"readOnly": true, "readOnly": true,
"type": "string", "type": "string"
"example": "2025-10-28T04:17:54.000Z"
}, },
"owner": { "owner": {
"$ref": "./user-object.json" "$ref": "./user-object.json"
@@ -59,22 +56,25 @@
"dns_challenge": { "dns_challenge": {
"type": "boolean" "type": "boolean"
}, },
"dns_provider_credentials": {
"type": "string"
},
"dns_provider": { "dns_provider": {
"type": "string" "type": "string"
}, },
"dns_provider_credentials": {
"type": "string"
},
"letsencrypt_agree": {
"type": "boolean"
},
"letsencrypt_certificate": { "letsencrypt_certificate": {
"type": "object" "type": "object"
}, },
"letsencrypt_email": {
"type": "string"
},
"propagation_seconds": { "propagation_seconds": {
"type": "integer", "type": "integer",
"minimum": 0 "minimum": 0
} }
},
"example": {
"dns_challenge": false
} }
} }
} }

21
backend/schema/components/dead-host-object.json
View File

@@ -35,30 +35,13 @@
"$ref": "../common.json#/properties/http2_support" "$ref": "../common.json#/properties/http2_support"
}, },
"advanced_config": { "advanced_config": {
"type": "string", "type": "string"
"example": ""
}, },
"enabled": { "enabled": {
"$ref": "../common.json#/properties/enabled" "$ref": "../common.json#/properties/enabled"
}, },
"meta": { "meta": {
"type": "object", "type": "object"
"example": {}
},
"certificate": {
"oneOf": [
{
"type": "null",
"example": null
},
{
"$ref": "./certificate-object.json"
}
],
"example": null
},
"owner": {
"$ref": "./user-object.json"
} }
} }
} }

23
backend/schema/components/dns-providers-list.json
View File

@@ -1,23 +0,0 @@
{
"type": "array",
"description": "DNS Providers list",
"items": {
"type": "object",
"required": ["id", "name", "credentials"],
"additionalProperties": false,
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the DNS provider, matching the python package"
},
"name": {
"type": "string",
"description": "Human-readable name of the DNS provider"
},
"credentials": {
"type": "string",
"description": "Instructions on how to format the credentials for this DNS provider"
}
}
}
}

6
backend/schema/components/error-object.json
View File

@@ -5,12 +5,10 @@
"required": ["code", "message"], "required": ["code", "message"],
"properties": { "properties": {
"code": { "code": {
"type": "integer", "type": "integer"
"example": 400
}, },
"message": { "message": {
"type": "string", "type": "string"
"example": "Bad Request"
} }
} }
} }

14
backend/schema/components/health-object.json
View File

@@ -9,11 +9,6 @@
"description": "Healthy", "description": "Healthy",
"example": "OK" "example": "OK"
}, },
"setup": {
"type": "boolean",
"description": "Whether the initial setup has been completed",
"example": true
},
"version": { "version": {
"type": "object", "type": "object",
"description": "The version object", "description": "The version object",
@@ -27,18 +22,15 @@
"properties": { "properties": {
"major": { "major": {
"type": "integer", "type": "integer",
"minimum": 0, "minimum": 0
"example": 2
}, },
"minor": { "minor": {
"type": "integer", "type": "integer",
"minimum": 0, "minimum": 0
"example": 10
}, },
"revision": { "revision": {
"type": "integer", "type": "integer",
"minimum": 0, "minimum": 0
"example": 1
} }
} }
} }

21
backend/schema/components/permission-object.json
View File

@@ -5,44 +5,37 @@
"visibility": { "visibility": {
"type": "string", "type": "string",
"description": "Visibility Type", "description": "Visibility Type",
"enum": ["all", "user"], "enum": ["all", "user"]
"example": "all"
}, },
"access_lists": { "access_lists": {
"type": "string", "type": "string",
"description": "Access Lists Permissions", "description": "Access Lists Permissions",
"enum": ["hidden", "view", "manage"], "enum": ["hidden", "view", "manage"]
"example": "view"
}, },
"dead_hosts": { "dead_hosts": {
"type": "string", "type": "string",
"description": "404 Hosts Permissions", "description": "404 Hosts Permissions",
"enum": ["hidden", "view", "manage"], "enum": ["hidden", "view", "manage"]
"example": "manage"
}, },
"proxy_hosts": { "proxy_hosts": {
"type": "string", "type": "string",
"description": "Proxy Hosts Permissions", "description": "Proxy Hosts Permissions",
"enum": ["hidden", "view", "manage"], "enum": ["hidden", "view", "manage"]
"example": "hidden"
}, },
"redirection_hosts": { "redirection_hosts": {
"type": "string", "type": "string",
"description": "Redirection Permissions", "description": "Redirection Permissions",
"enum": ["hidden", "view", "manage"], "enum": ["hidden", "view", "manage"]
"example": "view"
}, },
"streams": { "streams": {
"type": "string", "type": "string",
"description": "Streams Permissions", "description": "Streams Permissions",
"enum": ["hidden", "view", "manage"], "enum": ["hidden", "view", "manage"]
"example": "manage"
}, },
"certificates": { "certificates": {
"type": "string", "type": "string",
"description": "Certificates Permissions", "description": "Certificates Permissions",
"enum": ["hidden", "view", "manage"], "enum": ["hidden", "view", "manage"]
"example": "hidden"
} }
} }
} }

55
backend/schema/components/proxy-host-object.json
View File

@@ -9,6 +9,7 @@
"domain_names", "domain_names",
"forward_host", "forward_host",
"forward_port", "forward_port",
"client_max_body_size",
"access_list_id", "access_list_id",
"certificate_id", "certificate_id",
"ssl_forced", "ssl_forced",
@@ -22,8 +23,10 @@
"enabled", "enabled",
"locations", "locations",
"hsts_enabled", "hsts_enabled",
"hsts_subdomains" "hsts_subdomains",
"certificate"
], ],
"additionalProperties": false,
"properties": { "properties": {
"id": { "id": {
"$ref": "../common.json#/properties/id" "$ref": "../common.json#/properties/id"
@@ -43,14 +46,17 @@
"forward_host": { "forward_host": {
"type": "string", "type": "string",
"minLength": 1, "minLength": 1,
"maxLength": 255, "maxLength": 255
"example": "127.0.0.1"
}, },
"forward_port": { "forward_port": {
"type": "integer", "type": "integer",
"minimum": 1, "minimum": 1,
"maximum": 65535, "maximum": 65535
"example": 8080 },
"client_max_body_size": {
"type": "integer",
"minimum": 1,
"maximum": 4096
}, },
"access_list_id": { "access_list_id": {
"$ref": "../common.json#/properties/access_list_id" "$ref": "../common.json#/properties/access_list_id"
@@ -68,28 +74,22 @@
"$ref": "../common.json#/properties/block_exploits" "$ref": "../common.json#/properties/block_exploits"
}, },
"advanced_config": { "advanced_config": {
"type": "string", "type": "string"
"example": ""
}, },
"meta": { "meta": {
"type": "object", "type": "object"
"example": {
"nginx_online": true,
"nginx_err": null
}
}, },
"allow_websocket_upgrade": { "allow_websocket_upgrade": {
"description": "Allow Websocket Upgrade for all paths", "description": "Allow Websocket Upgrade for all paths",
"type": "boolean", "example": true,
"example": true "type": "boolean"
}, },
"http2_support": { "http2_support": {
"$ref": "../common.json#/properties/http2_support" "$ref": "../common.json#/properties/http2_support"
}, },
"forward_scheme": { "forward_scheme": {
"type": "string", "type": "string",
"enum": ["http", "https"], "enum": ["http", "https"]
"example": "http"
}, },
"enabled": { "enabled": {
"$ref": "../common.json#/properties/enabled" "$ref": "../common.json#/properties/enabled"
@@ -118,6 +118,9 @@
"forward_port": { "forward_port": {
"$ref": "#/properties/forward_port" "$ref": "#/properties/forward_port"
}, },
"client_max_body_size": {
"$ref": "#/properties/client_max_body_size"
},
"forward_path": { "forward_path": {
"type": "string" "type": "string"
}, },
@@ -125,15 +128,7 @@
"type": "string" "type": "string"
} }
} }
},
"example": [
{
"path": "/app",
"forward_scheme": "http",
"forward_host": "example.com",
"forward_port": 80
} }
]
}, },
"hsts_enabled": { "hsts_enabled": {
"$ref": "../common.json#/properties/hsts_enabled" "$ref": "../common.json#/properties/hsts_enabled"
@@ -144,14 +139,12 @@
"certificate": { "certificate": {
"oneOf": [ "oneOf": [
{ {
"type": "null", "type": "null"
"example": null
}, },
{ {
"$ref": "./certificate-object.json" "$ref": "./certificate-object.json"
} }
], ]
"example": null
}, },
"owner": { "owner": {
"$ref": "./user-object.json" "$ref": "./user-object.json"
@@ -159,14 +152,12 @@
"access_list": { "access_list": {
"oneOf": [ "oneOf": [
{ {
"type": "null", "type": "null"
"example": null
}, },
{ {
"$ref": "./access-list-object.json" "$ref": "./access-list-object.json"
} }
], ]
"example": null
} }
} }
} }

64
backend/schema/components/redirection-host-object.json
View File

@@ -1,26 +1,7 @@
{ {
"type": "object", "type": "object",
"description": "Redirection Host object", "description": "Redirection Host object",
"required": [ "required": ["id", "created_on", "modified_on", "owner_user_id", "domain_names", "forward_http_code", "forward_scheme", "forward_domain_name", "preserve_path", "certificate_id", "ssl_forced", "hsts_enabled", "hsts_subdomains", "http2_support", "block_exploits", "advanced_config", "enabled", "meta"],
"id",
"created_on",
"modified_on",
"owner_user_id",
"domain_names",
"forward_http_code",
"forward_scheme",
"forward_domain_name",
"preserve_path",
"certificate_id",
"ssl_forced",
"hsts_enabled",
"hsts_subdomains",
"http2_support",
"block_exploits",
"advanced_config",
"enabled",
"meta"
],
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {
"id": { "id": {
@@ -40,30 +21,25 @@
}, },
"forward_http_code": { "forward_http_code": {
"description": "Redirect HTTP Status Code", "description": "Redirect HTTP Status Code",
"example": 302,
"type": "integer", "type": "integer",
"minimum": 300, "minimum": 300,
"maximum": 308, "maximum": 308
"example": 302
}, },
"forward_scheme": { "forward_scheme": {
"type": "string", "type": "string",
"enum": [ "enum": ["auto", "http", "https"]
"auto",
"http",
"https"
],
"example": "http"
}, },
"forward_domain_name": { "forward_domain_name": {
"description": "Domain Name", "description": "Domain Name",
"example": "jc21.com",
"type": "string", "type": "string",
"pattern": "^(?:[^.*]+\\.?)+[^.]$", "pattern": "^(?:[^.*]+\\.?)+[^.]$"
"example": "jc21.com"
}, },
"preserve_path": { "preserve_path": {
"description": "Should the path be preserved", "description": "Should the path be preserved",
"type": "boolean", "example": true,
"example": true "type": "boolean"
}, },
"certificate_id": { "certificate_id": {
"$ref": "../common.json#/properties/certificate_id" "$ref": "../common.json#/properties/certificate_id"
@@ -84,33 +60,13 @@
"$ref": "../common.json#/properties/block_exploits" "$ref": "../common.json#/properties/block_exploits"
}, },
"advanced_config": { "advanced_config": {
"type": "string", "type": "string"
"example": ""
}, },
"enabled": { "enabled": {
"$ref": "../common.json#/properties/enabled" "$ref": "../common.json#/properties/enabled"
}, },
"meta": { "meta": {
"type": "object", "type": "object"
"example": {
"nginx_online": true,
"nginx_err": null
}
},
"certificate": {
"oneOf": [
{
"type": "null",
"example": null
},
{
"$ref": "./certificate-object.json"
}
],
"example": null
},
"owner": {
"$ref": "./user-object.json"
} }
} }
} }

Some files were not shown because too many files have changed in this diff Show More